Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-2153 is an Open Redirect vulnerability found in the mwielgoszewski doorman project, versions up to 0.6, specifically in the function is_safe_url located in the file doorman/users/views.py.'}, {'type': 'paragraph', 'content': 'The vulnerability arises from improper handling of the "next" argument, which can be manipulated with crafted input containing redundant leading slashes (e.g., /////////evil.com) to bypass domain validation.'}, {'type': 'paragraph', 'content': 'This causes the server to incorrectly validate the URL as safe and issue a redirect to an external malicious site, even though the server-side URL parsing treats the input as a path rather than a new domain.'}, {'type': 'paragraph', 'content': 'However, browsers interpret the redirect differently, collapsing the slashes and navigating to the attacker-controlled external site, enabling attackers to redirect users to arbitrary URLs.'}, {'type': 'paragraph', 'content': 'The vulnerability can be exploited remotely without authentication and requires only user interaction to trigger the redirect.'}] [1, 2, 3]

Useful 0 Not Useful 0

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability allows attackers to redirect users of the affected application to arbitrary external websites controlled by the attacker.'}, {'type': 'paragraph', 'content': 'Such open redirects can be used in phishing attacks, where users are tricked into believing they are navigating within a trusted site but are instead sent to malicious sites designed to steal credentials or distribute malware.'}, {'type': 'paragraph', 'content': "Because the redirect occurs immediately after login, it can compromise the integrity and trustworthiness of the application, potentially damaging user trust and the application's reputation."}, {'type': 'paragraph', 'content': 'The vulnerability requires no authentication and can be exploited remotely, increasing the risk and ease of attack.'}] [1, 3]

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by testing the handling of the "next" argument in the affected application, specifically by sending crafted URLs with redundant leading slashes to see if an open redirect occurs.'}, {'type': 'paragraph', 'content': 'A practical approach is to perform HTTP requests to the login or redirect endpoint with payloads such as `/login?next=/////////evil.com` and observe if the server issues a redirect to an external site.'}, {'type': 'paragraph', 'content': 'Example command using curl to test the vulnerability:'}, {'type': 'list_item', 'content': 'curl -v "http://your-app.com/login?next=/////////evil.com"'}, {'type': 'paragraph', 'content': 'If the server responds with a 302 redirect to an external domain (e.g., evil.com), the vulnerability is present.'}] [3]

Useful 0 Not Useful 0

Mitigation Strategies

No known mitigations or countermeasures have been identified for this vulnerability.

The recommended immediate step is to replace the affected component (mwielgoszewski doorman versions up to 0.6) with an alternative product that does not contain this vulnerability.

Useful 0 Not Useful 0