CVE-2026-23726

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.2

Description WeGIA is a web manager for charitable institutions. An Open Redirect issue exists in the /WeGIA/controle/control.php API endpoint, specifically through the nextPage parameter when used with metodo=listarTodos and nomeClasse=TipoEntradaControle. The application does not properly validate the nextPage parameter, which allows attackers to redirect users to arbitrary external websites. This could be used for phishing attacks, credential theft, malware distribution, and social engineering leveraging the trusted WeGIA domain.

Recommendations Upgrade to version 3.6.2 or later.