CVE-2026-23726 is an Open Redirect vulnerability classified under CWE-601 found in the LabRedesCefetRJ WeGIA application, a web management platform used by charitable institutions. The vulnerability resides in the /WeGIA/controle/control.php endpoint, specifically in the handling of the nextPage parameter when combined with the query parameters metodo=listarTodos and nomeClasse=TipoEntradaControle. The application fails to properly validate or restrict the nextPage parameter, enabling attackers to craft URLs that redirect users to arbitrary external websites. This can be exploited by attackers to conduct phishing campaigns, steal credentials, distribute malware, or perform social engineering attacks by leveraging the trust users have in the WeGIA domain. The vulnerability is remotely exploitable without authentication but requires user interaction to follow malicious links. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, user interaction needed, and low impact on confidentiality and integrity but limited impact on availability. The vulnerability affects all versions prior to 3.6.2, where the issue has been fixed. No public exploits have been reported yet, but the nature of open redirects makes it a common vector for indirect attacks that can lead to more severe consequences if combined with other vulnerabilities or social engineering tactics.

For European organizations, especially charitable institutions using the WeGIA platform, this vulnerability poses a significant risk of phishing and social engineering attacks. Attackers can exploit the open redirect to lure users into visiting malicious websites that appear to be linked from a trusted source, increasing the likelihood of credential theft or malware infection. This can lead to compromised user accounts, data breaches, and reputational damage. Since WeGIA is used in the nonprofit sector, which often handles sensitive donor and beneficiary information, the confidentiality and integrity of this data could be at risk. Additionally, successful phishing attacks could facilitate further network intrusions or fraud. The medium CVSS score reflects moderate risk, but the ease of exploitation and potential for user deception make it a relevant threat. The lack of known exploits in the wild suggests limited current impact but does not diminish the urgency of mitigation.

European organizations using WeGIA should immediately upgrade to version 3.6.2 or later where the vulnerability is patched. Until the update is applied, implement strict input validation and sanitization on the nextPage parameter to ensure it only allows internal URLs or whitelisted domains. Employ web application firewalls (WAFs) with rules to detect and block suspicious redirect patterns targeting the vulnerable endpoint. Conduct user awareness training focused on recognizing phishing attempts that exploit trusted domains. Monitor web server logs for unusual redirect requests and investigate any suspicious activity. Additionally, consider implementing Content Security Policy (CSP) headers to restrict the domains to which users can be redirected. Regularly audit and test the application for similar open redirect issues and ensure secure coding practices are followed in future development.