CVE-2026-23727: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in LabRedesCefetRJ WeGIA
CVE-2026-23727 is an Open Redirect vulnerability in the WeGIA web management application for charitable institutions, affecting versions prior to 3.6.2. The flaw exists in the /WeGIA/controle/control.php endpoint via the nextPage parameter when used with specific query parameters, allowing attackers to redirect users to arbitrary external sites. This can facilitate phishing, credential theft, malware distribution, and social engineering by exploiting the trust in the WeGIA domain. The vulnerability requires no authentication but does require user interaction to follow malicious links. It has a CVSS score of 4.8 (medium severity) and has no known exploits in the wild. The issue is fixed in version 3.6.2.
AI Analysis
Technical Summary
CVE-2026-23727 is an Open Redirect vulnerability categorized under CWE-601 found in the LabRedesCefetRJ WeGIA application, a web management platform used by charitable institutions. The vulnerability affects versions prior to 3.6.2 and is located in the /WeGIA/controle/control.php endpoint. Specifically, the nextPage parameter, when combined with metodo=listarTodos and nomeClasse=TipoSaidaControle, is not properly validated or sanitized, allowing an attacker to craft URLs that redirect users to arbitrary external websites. This lack of validation means that an attacker can embed malicious URLs within seemingly legitimate WeGIA links, exploiting user trust in the domain. Such redirects can be leveraged for phishing campaigns, where users are tricked into entering credentials on fake sites, or for distributing malware and conducting social engineering attacks. The vulnerability does not require authentication but does require user interaction, such as clicking a malicious link. The CVSS v4.0 score of 4.8 reflects a medium severity, considering the network attack vector, low complexity, no privileges required, but user interaction needed. There are no known exploits in the wild at the time of publication. The vendor has addressed this vulnerability in version 3.6.2 by implementing proper validation and restrictions on the nextPage parameter to prevent open redirects.
Potential Impact
For European organizations using the WeGIA platform, particularly charitable institutions, this vulnerability poses a risk of phishing and social engineering attacks that can lead to credential compromise, unauthorized access, and potential malware infections. Since WeGIA is used to manage sensitive data related to charitable activities, exploitation could undermine trust in these organizations and disrupt their operations. Attackers could exploit the open redirect to bypass security filters and lure users into malicious sites, increasing the likelihood of successful attacks. Although the vulnerability does not directly compromise system integrity or availability, the indirect consequences of credential theft and malware infection could lead to data breaches and operational disruptions. The medium severity rating suggests a moderate risk, but the impact could be significant if attackers target high-profile charitable organizations or leverage the trusted domain for large-scale phishing campaigns.
Mitigation Recommendations
European organizations using WeGIA should immediately upgrade to version 3.6.2 or later, where the vulnerability is fixed. Until the upgrade is applied, organizations should implement strict input validation and URL filtering on the nextPage parameter at the web application firewall (WAF) or reverse proxy level to block suspicious redirect attempts. Security teams should monitor web logs for unusual redirect patterns and educate users about the risks of clicking on unexpected links, especially those purporting to come from trusted WeGIA domains. Additionally, organizations should deploy anti-phishing tools and enable multi-factor authentication (MFA) to reduce the impact of credential theft. Regular vulnerability scanning and penetration testing focused on open redirect vectors can help identify residual risks. Finally, incident response plans should include procedures for handling phishing incidents stemming from this vulnerability.
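The two interim controls above, validating the nextPage value and watching web logs for redirects that leave the site, as an added example that is not WeGIA's own code or its 3.6.2 fix. The check only accepts a site-local absolute path; the log lines are constructed samples in combined log format, and evil.example is a placeholder.

```python
"""Added example (not WeGIA's code): a safe-redirect check for a
nextPage-style parameter and a scan of access-log lines that flags
control.php requests whose nextPage would have left the site."""
import re
from urllib.parse import parse_qs, urlsplit

def is_safe_next_page(value: str) -> bool:
    """Accept only a site-local path such as '/WeGIA/html/home.php'.
    Rejects absolute URLs (scheme), protocol-relative '//host',
    backslash variants ('/\\host', which browsers treat like '//'),
    and control characters (CR/LF would allow header injection)."""
    if not value:
        return False
    if any(ord(c) < 0x20 or c == "\\" for c in value):
        return False
    if not value.startswith("/") or value.startswith("//"):
        return False
    parts = urlsplit(value)
    # A site-local path parses with no scheme and no netloc.
    return parts.scheme == "" and parts.netloc == ""

SAMPLE_LOG = [  # constructed sample lines, combined log format
    '203.0.113.5 - - [16/Jan/2026:19:51:36 +0000] "GET /WeGIA/controle/control.php'
    '?metodo=listarTodos&nomeClasse=TipoSaidaControle&nextPage=/WeGIA/html/home.php HTTP/1.1" 302 0',
    '198.51.100.7 - - [16/Jan/2026:19:52:01 +0000] "GET /WeGIA/controle/control.php'
    '?metodo=listarTodos&nomeClasse=TipoSaidaControle&nextPage=https%3A%2F%2Fevil.example%2Flogin HTTP/1.1" 302 0',
    '198.51.100.9 - - [16/Jan/2026:19:52:05 +0000] "GET /WeGIA/html/index.php HTTP/1.1" 200 1234',
]

def suspicious_redirects(log_lines):
    """Return (client_ip, nextPage) for control.php requests whose
    nextPage fails is_safe_next_page(). parse_qs URL-decodes values,
    so encoded targets like https%3A%2F%2F... are seen decoded."""
    hits = []
    for line in log_lines:
        m = re.search(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP', line)
        if not m:
            continue
        ip, path = m.groups()
        if not path.startswith("/WeGIA/controle/control.php"):
            continue
        for target in parse_qs(urlsplit(path).query).get("nextPage", []):
            if not is_safe_next_page(target):
                hits.append((ip, target))
    return hits

if __name__ == "__main__":
    for ip, target in suspicious_redirects(SAMPLE_LOG):
        print(f"external redirect requested by {ip}: {target}")
```

The same check, applied before emitting the Location header, is how a server-side fix for this class of bug typically works; the page confirms only that 3.6.2 added validation on nextPage, not its exact form.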
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-01-15T15:45:01.956Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 696a96c8b22c7ad868e58b6e
Added to database: 1/16/2026, 7:51:36 PM
Last enriched: 1/16/2026, 8:06:34 PM
Last updated: 1/16/2026, 11:49:33 PM