Fluid Attacks Database

Description

django-allauth has an open redirect vulnerability An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	django-allauth	=0.44.0+ds-1 \|\| =0.44.0+ds-1+deb11u1 \|\| =0.46.0+ds-1 \|\| =0.47.0-1 \|\| =0.51.0-1 \|\| =0.58.2-2 \|\| =64.1.0-1 \|\| =65.0.2-1 \|\| =65.0.2-2 \|\| =65.15.0-1	-
debian 12	django-allauth	=0.51.0-1 \|\| =0.58.2-2 \|\| =64.1.0-1 \|\| =65.0.2-1 \|\| =65.0.2-2 \|\| =65.15.0-1	-
pypi	django-allauth	>=0 <65.14.1	65.14.1
debian 13	django-allauth	=65.0.2-1 \|\| =65.0.2-2 \|\| =65.15.0-1	-
debian 14	django-allauth	=65.0.2-1 \|\| =65.0.2-2 \|\| >=0 <65.15.0-1	65.15.0-1

Aliases

1. CVE-2026-279822. NVD-2026-279823. OSV-DEBIAN-2026-279824. OSV-2026-279825. GCVE-2026-279826. SECURITY-TRACKER-CVE-2026-27982

References

1. https://allauth.org/news/2026/02/django-allauth-65.14.1-released2. https://github.com/pypa/advisory-database/tree/main/vulns/django-allauth/PYSEC-2026-56.yaml3. https://jvn.jp/en/jp/JVN23669411

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.