CVE-2026-2153
Open Redirect Vulnerability in mwielgoszewski doorman is_safe_url Function
Publication date: 2026-02-08
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mwielgoszewski | doorman | up to 0.6 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2153 is an Open Redirect vulnerability found in the mwielgoszewski doorman project, versions up to 0.6, specifically in the function is_safe_url located in the file doorman/users/views.py.
The vulnerability arises from improper handling of the "next" argument, which can be manipulated with crafted input containing redundant leading slashes (e.g., /////////evil.com) to bypass domain validation.
This causes the server to incorrectly validate the URL as safe and issue a redirect to an external malicious site, even though the server-side URL parsing treats the input as a path rather than a new domain.
However, browsers interpret the redirect differently, collapsing the slashes and navigating to the attacker-controlled external site, enabling attackers to redirect users to arbitrary URLs.
The vulnerability can be exploited remotely without authentication and requires only user interaction to trigger the redirect. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability allows attackers to redirect users of the affected application to arbitrary external websites controlled by the attacker.
Such open redirects can be used in phishing attacks, where users are tricked into believing they are navigating within a trusted site but are instead sent to malicious sites designed to steal credentials or distribute malware.
Because the redirect occurs immediately after login, it can compromise the integrity and trustworthiness of the application, potentially damaging user trust and the application's reputation.
The vulnerability requires no authentication and can be exploited remotely, increasing the risk and ease of attack. [1, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the handling of the "next" argument in the affected application, specifically by sending crafted URLs with redundant leading slashes to see if an open redirect occurs.
A practical approach is to perform HTTP requests to the login or redirect endpoint with payloads such as `/login?next=/////////evil.com` and observe if the server issues a redirect to an external site.
Example command using curl to test the vulnerability:
- `curl -v "http://your-app.com/login?next=/////////evil.com"`
If the server responds with a 302 redirect to an external domain (e.g., evil.com), the vulnerability is present. [3]
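The following Python example is added here to illustrate both the parsing mismatch described in the explanation above and the detection check from this answer; it is not code from the doorman project. `is_safe_url_naive` is an assumed reconstruction of the common "resolve against our host and compare the hostname" pattern (not doorman's actual function), `HOST_URL` is a constructed stand-in for the application's own origin, and `browser_target_host` is a deliberately simplified model of how a browser resolves a `Location` value (it collapses leading slash/backslash runs into an authority, as the advisory describes). The hardened variant accepts only a plain absolute path on the same host.

```python
# Added example, not code from the doorman project.
from urllib.parse import urljoin, urlparse

# Constructed stand-in for the application's own origin (request.host_url in Flask).
HOST_URL = "http://app.example/"


def is_safe_url_naive(target: str, host_url: str = HOST_URL) -> bool:
    """Assumed reconstruction of the common weak pattern: resolve the target
    against our host and compare hostnames. urljoin() treats '///...' as a
    path, so the hostname stays ours and the check passes."""
    ref = urlparse(host_url)
    test = urlparse(urljoin(host_url, target))
    return test.scheme in ("http", "https") and test.netloc == ref.netloc


def is_safe_url_hardened(target: str, host_url: str = HOST_URL) -> bool:
    """Accept only a plain absolute path on our own host.

    Rejects scheme-relative forms ('//host', '/\\host', '///host') that the
    server-side parser reads as a path but a browser resolves to another origin."""
    if not target or not target.startswith("/"):
        return False
    # Browsers strip control characters and treat '\' like '/'; refuse both so
    # server/browser normalisation differences cannot be used to slip past.
    if any(ord(c) < 0x20 or c == "\\" for c in target):
        return False
    # A second slash means '//' or '///...': the scheme-relative family.
    if target[1:2] == "/":
        return False
    ref = urlparse(host_url)
    test = urlparse(urljoin(host_url, target))
    return test.scheme in ("http", "https") and test.netloc == ref.netloc


def browser_target_host(location: str) -> str:
    """Simplified model of browser (WHATWG-style) resolution of a Location value.

    Returns the host the browser would navigate to, or '' for a same-origin
    path. Runs of leading '/' and '\\' of length >= 2 become an authority."""
    loc = location.strip().replace("\\", "/")
    parsed = urlparse(loc)
    if parsed.scheme and parsed.netloc:      # absolute URL
        return parsed.netloc.lower()
    if loc.startswith("//"):                 # scheme-relative, slashes collapsed
        stripped = loc.lstrip("/")
        end = len(stripped)
        for ch in "/?#":                     # authority ends at the first delimiter
            i = stripped.find(ch)
            if i >= 0:
                end = min(end, i)
        return stripped[:end].lower()
    return ""


def location_is_external(location: str, host_url: str = HOST_URL) -> bool:
    """Defender-side check for a 302 Location value seen in the curl output
    above or in proxy logs: True if a browser would leave our origin."""
    host = browser_target_host(location)
    return host != "" and host != urlparse(host_url).netloc.lower()


if __name__ == "__main__":
    # Constructed sample "next" values, including the payload from the advisory.
    samples = ["/dashboard", "//evil.com", "/////////evil.com", "/\\evil.com", "http://evil.com/"]
    for s in samples:
        print(f"{s!r:24} naive={is_safe_url_naive(s)!s:5} hardened={is_safe_url_hardened(s)!s:5} "
              f"browser_host={browser_target_host(s)!r}")
```

Running the block prints a small table: the naive check passes `/////////evil.com` because `urljoin` keeps `app.example` as the host, while `browser_target_host` shows the browser would land on `evil.com`; the hardened check rejects every scheme-relative form. `location_is_external` can be applied to the `Location` header returned by the curl request in this answer, or to redirect records in proxy logs, to flag instances of the behaviour.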
What immediate steps should I take to mitigate this vulnerability?
No known mitigations or countermeasures have been identified for this vulnerability.
The recommended immediate step is to replace the affected component (mwielgoszewski doorman versions up to 0.6) with an alternative product that does not contain this vulnerability.