CVE-2026-23728: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in LabRedesCefetRJ WeGIA
CVE-2026-23728 is an Open Redirect vulnerability in the WeGIA web manager for charitable institutions, affecting versions prior to 3.6.2. The flaw exists in the /WeGIA/controle/control.php endpoint via the nextPage parameter when used with metodo=listarTodos and nomeClasse=DestinoControle, allowing attackers to redirect users to arbitrary external sites. This can facilitate phishing, credential theft, malware distribution, and social engineering by exploiting the trusted WeGIA domain. The vulnerability requires no authentication but does require user interaction to follow the malicious link. It has a CVSS score of 4.8, indicating medium severity, and has no known exploits in the wild. The issue is fixed in version 3.6.2.
AI Analysis
Technical Summary
CVE-2026-23728 is an Open Redirect vulnerability classified under CWE-601, found in the WeGIA web management application developed by LabRedesCefetRJ, primarily used by charitable institutions. The vulnerability resides in the /WeGIA/controle/control.php endpoint, specifically in the nextPage parameter when combined with the parameters metodo=listarTodos and nomeClasse=DestinoControle. The application fails to properly validate or restrict the nextPage parameter, enabling an attacker to craft URLs that redirect users to arbitrary external websites. This lack of validation allows attackers to exploit the trusted WeGIA domain to conduct phishing attacks, steal credentials, distribute malware, or perform social engineering. The vulnerability does not require authentication but does require user interaction, such as clicking a malicious link. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:L), user interaction required (UI:A), and low impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild. The vulnerability is addressed in WeGIA version 3.6.2, where proper validation of the nextPage parameter has been implemented to prevent arbitrary redirection.
Potential Impact
For European organizations, especially charitable institutions using WeGIA versions prior to 3.6.2, this vulnerability poses a risk of phishing and social engineering attacks leveraging the trusted WeGIA domain. Attackers can redirect users to malicious sites to harvest credentials or distribute malware, potentially leading to data breaches or compromised systems. Although the direct impact on system integrity or availability is low, the indirect consequences through successful phishing or malware infections can be significant, including reputational damage and regulatory penalties under GDPR if personal data is compromised. The requirement for user interaction limits automated exploitation but does not eliminate risk, especially in environments where users may be less security-aware. The medium CVSS score reflects these factors. Organizations relying on WeGIA for managing charitable activities should consider the reputational and operational risks arising from exploitation of this vulnerability.
Mitigation Recommendations
European organizations should immediately upgrade WeGIA to version 3.6.2 or later to apply the official fix that validates the nextPage parameter and prevents open redirects. Until the upgrade is completed, organizations should implement web application firewall (WAF) rules to detect and block suspicious requests containing manipulated nextPage parameters. Security awareness training should emphasize caution when clicking links, especially those purporting to come from trusted internal applications. Additionally, organizations can implement URL filtering and email gateway protections to detect and quarantine phishing attempts exploiting this vulnerability. Monitoring web server logs for unusual redirect patterns can help identify exploitation attempts. Finally, organizations should review and restrict the use of the vulnerable endpoint where possible and consider additional input validation or URL sanitization at the application or proxy level as a temporary mitigation.
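The two interim controls above, an allow-list check on the redirect target and a log review for the vulnerable request shape, are illustrated by the following added example. It is not WeGIA's code; it assumes redirects may only point under a hypothetical application root of /WeGIA/, and the access-log lines are constructed sample data.

```python
# Added example (not WeGIA code): allow-list check for a nextPage-style redirect
# target, plus a scan of constructed access-log lines for the advisory's request shape.
import re
from urllib.parse import parse_qs, unquote, urlsplit

APP_ROOT = "/WeGIA/"  # hypothetical: the only prefix a redirect may point into

def is_safe_redirect(target: str) -> bool:
    """Accept only absolute in-app paths; anything that could leave the origin is rejected."""
    if not target:
        return False
    # Decode once more so %2F%2F is judged as '//'; extra decoding can only add rejections.
    t = unquote(target).strip()
    # Browsers treat '\' as '/', so '/\host' is really '//host' (a protocol-relative URL).
    t = t.replace("\\", "/")
    # Control characters are sometimes used to hide a scheme from naive prefix checks.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in t):
        return False
    parts = urlsplit(t)
    # A scheme (http:, javascript:, data:) or an authority (//host, user@host) is external.
    if parts.scheme or parts.netloc:
        return False
    # Must stay under the application root with no '..' segments.
    return parts.path.startswith(APP_ROOT) and ".." not in parts.path.split("/")

LOG_RE = re.compile(r'"(?:GET|POST) (/WeGIA/controle/control\.php\?[^ "]*)')

def find_redirect_abuse(log_lines):
    """Return (line_no, decoded nextPage) for requests with the vulnerable metodo/nomeClasse
    pair whose nextPage fails the allow-list; in-app redirects are not reported."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        qs = parse_qs(m.group(1).split("?", 1)[1])
        if qs.get("metodo") != ["listarTodos"] or qs.get("nomeClasse") != ["DestinoControle"]:
            continue
        for target in qs.get("nextPage", []):
            if not is_safe_redirect(target):
                hits.append((n, unquote(target)))
    return hits

# Constructed sample access-log lines (not real traffic); example.invalid is a reserved name.
SAMPLE_LOGS = [
    '203.0.113.5 - - [16/Jan/2026:19:51:36 +0000] "GET /WeGIA/controle/control.php?metodo=listarTodos&nomeClasse=DestinoControle&nextPage=%2FWeGIA%2Fhtml%2Fdestino.php HTTP/1.1" 302 -',
    '203.0.113.9 - - [16/Jan/2026:19:52:01 +0000] "GET /WeGIA/controle/control.php?metodo=listarTodos&nomeClasse=DestinoControle&nextPage=%2F%2Fexample.invalid%2Flogin HTTP/1.1" 302 -',
    '203.0.113.9 - - [16/Jan/2026:19:52:07 +0000] "GET /WeGIA/controle/control.php?metodo=listarTodos&nomeClasse=DestinoControle&nextPage=https%3A%2F%2Fexample.invalid HTTP/1.1" 302 -',
    '203.0.113.7 - - [16/Jan/2026:19:53:00 +0000] "GET /WeGIA/html/index.php HTTP/1.1" 200 -',
]
```

Running find_redirect_abuse over SAMPLE_LOGS reports the second and third lines only; the same is_safe_redirect check can sit in front of the application's own redirect call, as the 3.6.2 fix is described as doing.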
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-01-15T15:45:01.956Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 696a96c8b22c7ad868e58b5f
Added to database: 1/16/2026, 7:51:36 PM
Last enriched: 1/23/2026, 8:37:16 PM
Last updated: 2/7/2026, 10:23:41 AM