
Fedora 44 python-django-allauth Important Open Redirect CVE-2026-27982

fedora
June 25, 2026
Update for python-django-allauth addresses an important threat: Open redirect via crafted URL in SAML IdP initiated SSO.
Update to the latest django-allauth. Fixes CVE-2026-27982.

Summary

Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

Most existing Django apps that address the problem of social authentication focus on just that. You typically need to integrate another app in order to support authentication via a local account.

This approach separates the worlds of local and social authentication. However, there are common scenarios to be dealt with in both worlds. For example, an e-mail address passed along by an OpenID provider is not guaranteed to be verified. So, before hooking an OpenID account up to a local account the e-mail address must be verified. So, e-mail verification needs to be present in both worlds.

Integrating both worlds is quite a tedious process. It is definitely not a matter of simply adding one social authentication app, and one local account registration app to your INSTALLED_APPS list.

This is the reason this project got started – to offer a fully integrated authentication app that allows for both local and social authentication, with flows that just work.

Update Information:

Update to the latest django-allauth. Fixes CVE-2026-27982.

Change Log

* Tue Jun 16 2026 Michel Lind - 65.18.0-1
- Update to version 65.18.0; Resolves RHBZ#2334129
- Fixes CVE-2026-27982: Open redirect via crafted URL in SAML IdP initiated SSO

* Sat Jun 6 2026 Python Maint - 65.8.1-3
- Rebuilt for Python 3.15

References


[ 1 ] Bug #2334129 - python-django-allauth-65.18.0 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2334129
[ 2 ] Bug #2444766 - CVE-2026-27982 python-django-allauth: django-allauth: Open redirect via crafted URL in SAML IdP initiated SSO [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2444766
[ 3 ] Bug #2458667 - python-django-allauth fails to build with Python 3.15: AssertionError: assert 'Flow.PROVIDER_SIGNUP' == 'provider_signup'
      https://bugzilla.redhat.com/show_bug.cgi?id=2458667

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-2c5cde060d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important

Name: python-django-allauth
Product: Fedora 44
Version: 65.18.0
Release: 1.fc44
Summary: Integrated set of Django authentication apps
