CVE-2026-23728: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in LabRedesCefetRJ WeGIA
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=DestinoControle. The application fails to validate or restrict the nextPage parameter, allowing attackers to redirect users to arbitrary external websites. This can be abused for phishing attacks, credential theft, malware distribution, and social engineering using the trusted WeGIA domain. This vulnerability is fixed in 3.6.2.
AI Analysis
Technical Summary
CVE-2026-23728 is an Open Redirect vulnerability in the LabRedesCefetRJ WeGIA application, a web management platform used by charitable institutions. The flaw resides in the /WeGIA/controle/control.php endpoint: when a request combines metodo=listarTodos and nomeClasse=DestinoControle, the value of the nextPage parameter is used as a redirect target without being validated or restricted to the application's own site, so an attacker can craft a link on the trusted WeGIA domain that sends the user to an arbitrary external website. This enables phishing, credential theft, malware distribution and social engineering that borrow the credibility of the WeGIA domain. The vulnerability does not require authentication but does require user interaction, such as clicking a malicious link. The CVSS v4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N) encodes a network attack vector, low attack complexity, no attack requirements, low privileges required, active user interaction, and low confidentiality and integrity impact on both the vulnerable and subsequent systems, with no availability impact. All versions prior to 3.6.2 are affected; version 3.6.2 fixes the issue. No known exploits are currently reported in the wild. Because the redirect originates from a trusted domain, it raises the success rate of social engineering and phishing campaigns, potentially leading to credential compromise or malware infection.
Potential Impact
For European organizations using the WeGIA platform, this vulnerability poses a risk primarily through social engineering and phishing attacks that exploit the trusted WeGIA domain. Successful exploitation can lead to credential theft, unauthorized access, or malware infections, which can compromise organizational security and data integrity. Charitable institutions and NGOs, which often rely on trust and handle sensitive donor or beneficiary information, may face reputational damage and loss of stakeholder confidence if users are redirected to malicious sites. Although the vulnerability does not directly compromise system integrity or availability, the indirect consequences of phishing and malware distribution can be severe. The medium CVSS score reflects moderate risk, but the impact can escalate if attackers combine this with other attack vectors. European organizations with limited cybersecurity awareness or outdated WeGIA versions are particularly vulnerable. Additionally, the exploitation could be leveraged in targeted campaigns against high-profile charitable organizations involved in sensitive or politically relevant activities within Europe.
Mitigation Recommendations
European organizations using WeGIA should immediately upgrade to version 3.6.2 or later, where this vulnerability is fixed. Until the update is applied, organizations should implement strict URL filtering and monitoring to detect and block suspicious redirect URLs originating from the WeGIA domain. Security awareness training should emphasize the risks of clicking on unexpected or suspicious links, especially those appearing to originate from trusted internal applications. Web application firewalls (WAFs) can be configured to detect and block requests with suspicious nextPage parameter values or unusual redirect patterns. Additionally, organizations should implement multi-factor authentication (MFA) to reduce the impact of credential theft resulting from phishing. Regular security assessments and penetration testing should include checks for open redirect vulnerabilities and other input validation issues. Finally, monitoring for phishing campaigns leveraging the WeGIA domain can help detect and respond to exploitation attempts early.
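The two defensive controls above, validating the redirect target server-side and detecting suspicious nextPage values in traffic, can be illustrated together. The following Python is an added example, not code from the WeGIA project or from this advisory: it implements a same-site check for a redirect target (the value as the application would see it after query-string decoding, like PHP's $_GET) and a scanner that runs that check over web-server access log lines for the control.php endpoint. The endpoint and parameter names come from the advisory; the application hostname wegia.example.org, the log format (Apache-style combined log) and all log lines are constructed assumptions.

```python
"""Same-site redirect validation and access-log detection for open-redirect attempts.

Added example (not WeGIA project code). The endpoint and parameter names are from
CVE-2026-23728; the host name and log lines below are constructed samples.
"""
import re
from urllib.parse import parse_qs, urlsplit

APP_HOST = "wegia.example.org"  # assumption: the deployment's own host name
ENDPOINT = "/WeGIA/controle/control.php"
SUSPECT_PARAM = "nextPage"


def is_safe_next_page(value: str, app_host: str = APP_HOST) -> bool:
    """Return True only if `value` stays on the application's own site.

    `value` is the parameter as the application sees it after query-string
    decoding. Accepted: a path starting with a single "/" or an absolute
    http(s) URL whose host is exactly `app_host`. Rejected: empty values,
    protocol-relative "//host" forms, non-http schemes such as javascript:,
    backslashes and control characters (browsers normalise some of these into
    a host separator), and credentials-in-URL tricks like "app_host@evil".
    """
    if not value:
        return False
    if "\\" in value or any(c in value for c in "\r\n\t\x00"):
        return False
    parts = urlsplit(value)
    if parts.scheme:
        # Absolute URL: only http/https and only the application's own host.
        return parts.scheme in ("http", "https") and parts.hostname == app_host.lower()
    if parts.netloc:
        # No scheme but a netloc means a protocol-relative URL (//other.host).
        return False
    # Relative target: must be a single-slash path on this site.
    return value.startswith("/") and not value.startswith("//")


# Apache-style combined log prefix: client, identd, user, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def scan_access_log(lines, app_host: str = APP_HOST):
    """Return (client_ip, status, nextPage) for control.php requests whose
    nextPage would leave the site. parse_qs performs the same percent-decoding
    the application does, so encoded forms such as %2F%2Fhost are caught too."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        target = urlsplit(m.group("target"))
        if target.path != ENDPOINT:
            continue
        params = parse_qs(target.query, keep_blank_values=True)
        for value in params.get(SUSPECT_PARAM, []):
            if not is_safe_next_page(value, app_host):
                findings.append((m.group("ip"), int(m.group("status")), value))
    return findings


# Constructed sample log lines: one legitimate same-site redirect, two attempts
# to redirect off-site (plain and percent-encoded), and an unrelated request.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Jan/2026:19:51:36 +0000] "GET /WeGIA/controle/control.php'
    '?metodo=listarTodos&nomeClasse=DestinoControle&nextPage=/WeGIA/html/home.php HTTP/1.1" 302 0',
    '203.0.113.9 - - [16/Jan/2026:19:52:01 +0000] "GET /WeGIA/controle/control.php'
    '?metodo=listarTodos&nomeClasse=DestinoControle&nextPage=https://phish.example/login HTTP/1.1" 302 0',
    '203.0.113.9 - - [16/Jan/2026:19:52:05 +0000] "GET /WeGIA/controle/control.php'
    '?metodo=listarTodos&nomeClasse=DestinoControle&nextPage=%2F%2Fphish.example%2F HTTP/1.1" 302 0',
    '198.51.100.4 - - [16/Jan/2026:19:53:10 +0000] "GET /WeGIA/html/home.php HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, status, value in scan_access_log(SAMPLE_LOG):
        print(f"off-site redirect attempt from {ip} (HTTP {status}): nextPage={value}")
```

The validation function is the shape of the fix a maintainer would apply before emitting a Location header; the scanner is the shape of the WAF or SIEM rule the recommendations describe. A 302 status on a flagged line indicates the redirect was actually issued, which is the case to prioritise in triage; after upgrading to 3.6.2, flagged lines should stop producing 302 responses.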
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Ireland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-01-15T15:45:01.956Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 696a96c8b22c7ad868e58b5f
Added to database: 1/16/2026, 7:51:36 PM
Last enriched: 1/16/2026, 8:07:08 PM
Last updated: 1/17/2026, 4:01:12 AM