Django Allauth SAML SSO Redirects Users to Malicious Sites
CVE-2026-27982
GHSA-2jpr-83rg-v67j
Summary
Django Allauth versions before 65.14.1 contain an open redirect (CWE-601) in the SAML Single Sign-On (SSO) provider. It only applies when SAML IdP-initiated SSO is enabled (it is disabled by default): a crafted URL can send a user who completes sign-in to an arbitrary external site, which is the usual setup for a phishing page that impersonates the post-login destination. Sites that enable SAML IdP-initiated SSO should upgrade to 65.14.1 or later, or disable IdP-initiated SSO if they do not need it.
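The advisory does not describe the exact code path, so the following is an added illustration of the vulnerability class rather than django-allauth's own code or its fix. In SAML, the IdP posts an unsolicited SAMLResponse to the service provider and can attach a RelayState, which service providers commonly use as the post-login redirect target. The block shows a handler that trusts such a target as-is beside a stand-alone validator modelled on Django's `url_has_allowed_host_and_scheme()`, accepting only relative paths or URLs on an allow-listed host. The host name `app.example.com`, the function names and the sample inputs are all constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed sample inputs (not from the advisory): values an attacker-controlled
# IdP-initiated request might carry as the post-login target.
SAMPLE_TARGETS = [
    "/accounts/profile/",                     # relative path: safe
    "https://app.example.com/x",              # absolute URL on our own host: safe
    "https://evil.example/phish",             # absolute URL elsewhere: open redirect
    "//evil.example/phish",                   # scheme-relative: browsers follow it
    "/\\evil.example/phish",                  # backslash trick: browsers treat as //evil.example
    "///evil.example/phish",                  # triple slash: Chrome treats as //evil.example
    "javascript:alert(1)",                    # non-http scheme
    "http://app.example.com@evil.example/",   # userinfo trick: real host is evil.example
    "",                                       # empty: must fall back to a default
]

ALLOWED_HOSTS = frozenset({"app.example.com"})


def redirect_target_vulnerable(target, default="/"):
    """The CWE-601 pattern: whatever the request says is where we send the user."""
    return target or default


def _check_one(url, allowed_hosts, require_https):
    """Parse one spelling of the URL and decide whether it stays on our hosts."""
    # urlsplit("///evil") yields an empty netloc, but Chrome navigates to //evil.
    if url.startswith("///"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 brackets
        return False
    # A scheme with no netloc ("javascript:...", "http:evil") is never a safe target.
    if parts.scheme and not parts.netloc:
        return False
    allowed_schemes = ("https",) if require_https else ("http", "https")
    if parts.scheme and parts.scheme not in allowed_schemes:
        return False
    # parts.hostname drops userinfo and port, so "a@evil.example" resolves to evil.example.
    if parts.netloc and parts.hostname not in allowed_hosts:
        return False
    return True


def is_safe_redirect(url, allowed_hosts, require_https=False):
    """Return True only if url is relative or points at one of allowed_hosts.

    Stand-alone check modelled on Django's url_has_allowed_host_and_scheme();
    it is an illustration, not django-allauth's own validation.
    """
    if not url:
        return False
    # Leading/trailing whitespace and control characters are used to smuggle
    # a different URL past naive parsers; reject them outright.
    if url.strip() != url or any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False
    # Browsers treat backslashes like forward slashes, so check both spellings.
    return _check_one(url, allowed_hosts, require_https) and _check_one(
        url.replace("\\", "/"), allowed_hosts, require_https
    )


def redirect_target_hardened(target, allowed_hosts=ALLOWED_HOSTS, default="/"):
    """Hardened form: fall back to a fixed local default for anything off-host."""
    return target if is_safe_redirect(target, allowed_hosts) else default


def classify(targets=SAMPLE_TARGETS, allowed_hosts=ALLOWED_HOSTS):
    """Map each sample target to the decision the hardened handler would make."""
    return {t: is_safe_redirect(t, allowed_hosts) for t in targets}


if __name__ == "__main__":
    for target, safe in classify().items():
        print(f"{'ALLOW' if safe else 'BLOCK':5} {target!r} -> {redirect_target_hardened(target)!r}")
```

The two-spelling check (original and with backslashes replaced) is the detail most home-grown validators miss; a single `urlsplit()` sees `/\evil.example/phish` as a harmless relative path while the browser does not.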
What to do
- Update django-allauth to version 65.14.1 or later.
- Until you can upgrade, leave SAML IdP-initiated SSO disabled (its default) or turn it off if you do not need it.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | django-allauth | < 65.14.1 | 65.14.1 |
| allauth | allauth | < 65.14.1 | – |
Original title
An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users t...
Original description
An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL.
NVD CVSS 3.0: 4.3
NVD CVSS 4.0: 5.1
Vulnerability type
CWE-601
Open Redirect
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026