What is the CVSS score of CVE-2026-27982?

CVE-2026-27982 has a CVSS 3.1 base score of 6.1 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Open Redirect are affected by CVE-2026-27982?

Organizations using django-allauth should be aware of moderate risk from CVE-2026-27982 rated CVSS 6.1. Exploitation could compromise the security of affected deployments.. A patch is available.

Open Redirect CVE-2026-27982

MEDIUM

URL Redirection to Untrusted Site (Open Redirect) (CWE-601)

2026-03-05 vultures@jpcert.or.jp

GHSA-2jpr-83rg-v67j

Open Redirect Red Hat Django Allauth

6.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

CVE Published

Mar 05, 2026 - 06:16 nvd

MEDIUM 6.1

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

1 pypi packages depend on django-allauth (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 65.14.1.

DescriptionNVD

An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL.

AnalysisAI

Allauth versions up to 65.14.1 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).

RemediationAI

Within 30 days: Identify affected systems running django-allauth and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory