CVE-2026-23727 is an Open Redirect vulnerability classified under CWE-601 found in the LabRedesCefetRJ WeGIA web management application, which is designed for charitable institutions. The vulnerability resides in the /WeGIA/controle/control.php endpoint, specifically in the handling of the nextPage parameter when used alongside metodo=listarTodos and nomeClasse=TipoSaidaControle parameters. The application fails to validate or restrict the nextPage parameter, enabling an attacker to craft URLs that redirect users to arbitrary external websites. This lack of validation means that an attacker can exploit the trusted WeGIA domain to lure users into clicking malicious links that appear legitimate. Such redirections can be leveraged for phishing campaigns, credential harvesting, malware delivery, or other social engineering attacks. The vulnerability is remotely exploitable without authentication but requires user interaction to click on the malicious link. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, user interaction needed, and low impact on confidentiality and integrity but limited impact on availability. The vulnerability affects all versions prior to 3.6.2, where the issue has been patched. Although no known exploits are currently reported in the wild, the potential for abuse in phishing and social engineering contexts is significant given the trusted nature of the WeGIA platform among charitable organizations.

For European organizations, especially charitable institutions or NGOs using the WeGIA platform, this vulnerability can lead to significant reputational damage and user trust erosion if exploited. Attackers could use the open redirect to craft convincing phishing campaigns that appear to originate from a trusted source, increasing the likelihood of credential theft or malware infections. This could compromise sensitive donor or beneficiary information, leading to data breaches and regulatory consequences under GDPR. Additionally, malware distribution via trusted domains could lead to broader network compromise. The impact is heightened in Europe due to strict data protection laws and the critical role of charitable organizations in social services. While the vulnerability itself does not directly compromise system integrity or availability, the downstream effects of successful phishing or malware attacks could be severe.

European organizations using WeGIA should immediately upgrade to version 3.6.2 or later to remediate this vulnerability. Until the patch is applied, organizations should implement URL filtering and monitoring to detect and block suspicious redirection attempts. Security awareness training should emphasize caution when clicking links, even from trusted domains, highlighting the risk of open redirects. Web application firewalls (WAFs) can be configured to detect and block requests with suspicious nextPage parameter values. Additionally, organizations should audit their public-facing URLs and communications to ensure no legacy links expose the vulnerable parameter. Implementing Content Security Policy (CSP) headers can help mitigate the impact of malicious redirects by restricting allowed domains. Finally, monitoring for phishing campaigns impersonating the organization can help detect exploitation attempts early.