UBUNTU-CVE-2026-27982

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-27982

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27982.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-27982

Upstream

CVE-2026-27982

Published

2026-03-05T06:16:00Z

Modified

2026-04-27T18:56:13.362759Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL.

References

Affected packages

Ubuntu:18.04:LTS

django-allauth

Package

Name: django-allauth
Purl: pkg:deb/ubuntu/django-allauth@0.35.0-1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.33.0-1

0.34.0-1

0.34.0-2

0.34.0-3

0.35.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python-django-allauth",
            "binary_version": "0.35.0-1"
        },
        {
            "binary_name": "python3-django-allauth",
            "binary_version": "0.35.0-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27982.json"

Ubuntu:20.04:LTS

django-allauth

Package

Name: django-allauth
Purl: pkg:deb/ubuntu/django-allauth@0.41.0+ds-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.39.1+ds-1

0.40.0+ds-2

0.41.0+ds-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-django-allauth",
            "binary_version": "0.41.0+ds-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27982.json"

Ubuntu:22.04:LTS

django-allauth

Package

Name: django-allauth
Purl: pkg:deb/ubuntu/django-allauth@0.47.0-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.44.0+ds-1

0.46.0+ds-1

0.47.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-django-allauth",
            "binary_version": "0.47.0-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27982.json"

Ubuntu:24.04:LTS

django-allauth

Package

Name: django-allauth
Purl: pkg:deb/ubuntu/django-allauth@0.58.2-2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.51.0-1

0.58.2-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-django-allauth",
            "binary_version": "0.58.2-2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27982.json"

Ubuntu:25.10

django-allauth

Package

Name: django-allauth
Purl: pkg:deb/ubuntu/django-allauth@65.0.2-1?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

65.*

65.0.2-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-django-allauth",
            "binary_version": "65.0.2-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27982.json"

Ubuntu:26.04

django-allauth

Package

Name: django-allauth
Purl: pkg:deb/ubuntu/django-allauth@65.0.2-2?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

65.*

65.0.2-1

65.0.2-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-django-allauth",
            "binary_version": "65.0.2-2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-27982.json"