CVE-2026-27982 is an open redirect vulnerability identified in the django-allauth library, a popular authentication solution for Django web applications. The vulnerability exists in all versions prior to 65.14.1 and manifests when the SAML Identity Provider (IdP) initiated Single Sign-On (SSO) feature is enabled, which is disabled by default. The flaw allows an attacker to craft a malicious URL that, when clicked by a user, redirects them to an arbitrary external website without proper validation or sanitization of the redirect target. This can be exploited to conduct phishing attacks by redirecting users to malicious sites that mimic legitimate services, potentially leading to credential theft or malware distribution. The vulnerability does not require any authentication and only requires user interaction (clicking the crafted URL). The CVSS 3.0 base score is 4.3 (medium severity), reflecting the ease of exploitation and limited impact on confidentiality and availability but some impact on integrity due to user deception. No known exploits have been reported in the wild as of the publication date. The vulnerability was publicly disclosed on March 5, 2026, and the recommended fix is to upgrade django-allauth to version 65.14.1 or later, where input validation for redirect URLs has been improved to prevent open redirects.

The primary impact of this vulnerability is the facilitation of phishing and social engineering attacks. By redirecting users to attacker-controlled sites, adversaries can impersonate legitimate services, trick users into divulging sensitive information, or deliver malware payloads. Although the vulnerability does not directly compromise system confidentiality or availability, the indirect consequences can be severe, including credential compromise and subsequent unauthorized access. Organizations relying on django-allauth with SAML IdP initiated SSO enabled may see increased risk of user-targeted attacks, potentially damaging brand reputation and user trust. The vulnerability's exploitation requires user interaction, which limits automated large-scale exploitation but does not eliminate targeted attacks. Given the widespread use of Django in web applications globally, especially in enterprise environments leveraging SAML for federated authentication, the risk is non-trivial. No known active exploitation reduces immediate urgency but patching is critical to prevent future attacks.

1. Upgrade django-allauth to version 65.14.1 or later immediately to apply the patch that fixes the open redirect vulnerability. 2. If upgrading is not immediately feasible, disable SAML IdP initiated SSO, as it is disabled by default and the vulnerability only manifests when this feature is enabled. 3. Implement strict validation and sanitization of redirect URLs in custom authentication flows to ensure only trusted domains are allowed. 4. Educate users about the risks of clicking on suspicious links, especially those that appear to redirect to external sites. 5. Monitor web application logs for unusual redirect patterns or suspicious URL parameters that could indicate exploitation attempts. 6. Employ web application firewalls (WAFs) with rules to detect and block open redirect attempts targeting your applications. 7. Conduct regular security assessments and penetration testing focusing on authentication and redirection mechanisms to identify similar vulnerabilities.