CVE-2026-2153

4.3 MEDIUM

📋 TL;DR

This CVE describes an open redirect vulnerability in mwielgoszewski's doorman application up to version 0.6. Attackers can manipulate the 'Next' parameter to redirect users to malicious websites after authentication. This affects all users of vulnerable doorman installations.

💻 Affected Systems

Products:
  • mwielgoszewski doorman
Versions: up to 0.6
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: All installations using the vulnerable is_safe_url function in doorman/users/views.py are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Users could be redirected to phishing sites that steal credentials or deliver malware after legitimate authentication.

🟠 Likely Case

Attackers use the redirect for phishing campaigns, tricking users into visiting malicious sites while appearing to come from a trusted source.

🟢 If Mitigated

With proper URL validation and user awareness, impact is limited to potential confusion but no direct compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires user interaction (clicking a link) but is trivial to implement once the vulnerability is understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.7 or later

Vendor Advisory: https://github.com/mwielgoszewski/doorman

Restart Required: Yes

Instructions:

1. Update doorman to version 0.7 or later.
2. Restart the doorman service.
3. Verify the fix by testing redirect functionality.

🔧 Temporary Workarounds

Input validation middleware
Platform: all

Add middleware to validate and sanitize all URL parameters before processing.

# Add custom middleware to validate 'Next' parameter
# Implementation depends on your specific Django/Flask setup

Domain whitelist
Platform: all

Restrict redirects to pre-approved domains only.

# Modify is_safe_url function to check against whitelist
ALLOWED_REDIRECT_DOMAINS = ['yourdomain.com', 'trusted.com']
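Both workarounds above come down to the same check: before honouring the Next parameter, confirm that it is either a relative path or an absolute URL whose host is on the allowlist. The following Python is an added illustration, not code from the doorman project or from this advisory; the function names is_safe_redirect and safe_next_target and the default allowlist are assumptions. Its logic is modelled on Django's url_has_allowed_host_and_scheme and shows the cases a naive hostname check misses: scheme-relative URLs (//host), backslash variants that browsers treat as slashes, a scheme with no host, userinfo in front of the real host, non-http(s) schemes and leading control characters. The test vectors at the bottom are constructed.

```python
import unicodedata
from urllib.parse import urlsplit

# Hypothetical allowlist for this example (the advisory's own snippet uses the
# same name). Entries are compared case-insensitively against the full netloc,
# so a host served on a non-default port must be listed as "host:port".
ALLOWED_REDIRECT_DOMAINS = ["yourdomain.com", "trusted.com"]


def _host_and_scheme_allowed(url, allowed_hosts, require_https):
    """Single-pass check. Callers run it on both the raw URL and a
    backslash-normalised copy, because browsers treat '\\' as '/'."""
    # Browsers treat three or more leading slashes as an absolute URL,
    # but urlsplit does not: reject outright.
    if url.startswith("///"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    # A scheme with no host ("http:///evil.example") leaves the host in the
    # path for urlsplit, yet browsers still navigate to it.
    if parts.scheme and not parts.netloc:
        return False
    # Some browsers ignore leading control characters, which can turn an
    # apparently relative path into a scheme-relative URL.
    if unicodedata.category(url[0])[0] == "C":
        return False
    scheme = parts.scheme
    if parts.netloc and not scheme:
        scheme = "http"  # "//host/path" is scheme-relative, i.e. http(s)
    valid_schemes = {"https"} if require_https else {"http", "https"}
    host_ok = not parts.netloc or parts.netloc.lower() in allowed_hosts
    scheme_ok = not scheme or scheme in valid_schemes
    return host_ok and scheme_ok


def is_safe_redirect(url, allowed_hosts=ALLOWED_REDIRECT_DOMAINS, require_https=False):
    """True only if `url` is a relative path or points at an allowed host
    over http(s). Other hosts, javascript:/data: schemes, scheme-relative
    URLs, backslash and userinfo tricks are all rejected."""
    if url is None:
        return False
    url = url.strip()
    if not url:
        return False
    hosts = {h.lower() for h in allowed_hosts}
    return (_host_and_scheme_allowed(url, hosts, require_https)
            and _host_and_scheme_allowed(url.replace("\\", "/"), hosts, require_https))


def safe_next_target(next_value, fallback="/", **kwargs):
    """What a login view should redirect to: the validated Next value, or a
    fixed in-app fallback when validation fails."""
    return next_value if is_safe_redirect(next_value, **kwargs) else fallback


if __name__ == "__main__":
    # Constructed vectors: the first two are legitimate, the rest are the
    # payload shapes an allowlist check must refuse.
    for candidate in ["/dashboard", "https://yourdomain.com/app",
                      "https://evil.example/", "//evil.example/",
                      "/\\evil.example", "javascript:alert(1)",
                      "http:///evil.example", "https://yourdomain.com@evil.example/"]:
        print(f"{candidate!r:45} -> {safe_next_target(candidate)}")
```

A login view would call safe_next_target(request.args.get("Next")) and redirect to the result rather than to the raw parameter; rejected values fall back to an in-app page instead of raising, so legitimate users are never blocked by a mangled link.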

🧯 If You Can't Patch

  • Implement WAF rules to block redirects to external domains from authentication endpoints.
  • Educate users about phishing risks and verify URLs before clicking redirects.

🔍 How to Verify

Check if Vulnerable:

Check the doorman version: if it is 0.6 or earlier, test by setting the Next parameter to an external domain and checking whether the application redirects there after authentication.

Check Version:

pip show doorman | grep Version

Verify Fix Applied:

After updating to 0.7+, test that redirects to external domains are blocked or properly validated.

📡 Detection & Monitoring

Log Indicators:

  • Unusual redirect patterns in authentication logs
  • Multiple failed redirect attempts to external domains

Network Indicators:

  • HTTP 302 redirects to unexpected external domains after authentication

SIEM Query:

source="doorman" AND (url="*Next=*" OR status=302) AND url!="*yourdomain.com*"
