CVE-2026-2153 — AI Deep Analysis Summary

**🚨 Open Redirect Vulnerability** in `doorman/users/views.py`'s `is_safe_url` function. 🧨 Attackers can redirect users to malicious sites via `Next` parameter.…

**❌ CWE-601: Improper Restriction of Redirects**. 📌 The `is_safe_url` function fails to validate URLs properly, allowing external redirects. 🧩 Root cause: Insecure URL handling logic.

**⚠️ Affected: doorman project (≤ v0.6)**. 📦 Component: `users/views.py` in mwielgoszewski's doorman. 📦 All versions up to 0.6 are vulnerable.

**🔓 Hackers can redirect users** to any external site. 🎯 No data theft or privilege escalation. 🎯 Goal: Trick users into visiting phishing pages or fake login forms.

**🔓 Low threshold**. 🚫 No auth required. 🧩 Exploitation via crafted `Next` parameter in URL. 🎯 Easy to trigger remotely.

**✅ Public PoC exists**. 📌 Gist link: [https://gist.github.com/RacerZ-fighting/39f230feb0e450ae54f0a80c63c5d924](https://gist.github.com/RacerZ-fighting/39f230feb0e450ae54f0a80c63c5d924). 🌐 Exploitation likely in wild.

**🔍 Self-check**: 🔎 Look for `is_safe_url` in `views.py`. 🧪 Test with `?next=https://evil.com`. 📊 Use web scanners (e.g., OWASP ZAP) to detect open redirects.

**🛠️ No official patch mentioned**. 📌 Latest commit (9a9b97c8) still vulnerable. 📢 Patch not released as of 2026-02-08. 🚨 No mitigation details in data.

**🛡️ Workaround**: 🛑 Hardcode allowed domains in `is_safe_url`. 🧱 Reject all external URLs. 🧩 Use a whitelist of trusted domains only.

**⚠️ Medium-Urgent**. 📊 CVSS: 5.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). 🚨 Not critical, but high-risk for phishing. 📌 Patch ASAP if possible.