CVE-2026-23729 is classified as a CWE-601 Open Redirect vulnerability affecting the WeGIA web management system developed by LabRedesCefetRJ, primarily used by charitable organizations. The vulnerability resides in the /WeGIA/controle/control.php endpoint, where the nextPage parameter is used to determine the subsequent page to load. When combined with the parameters metodo=listarDescricao and nomeClasse=ProdutoControle, the application fails to validate or restrict the nextPage parameter, allowing an attacker to craft URLs that redirect users to arbitrary external websites. This lack of validation can be exploited by attackers to conduct phishing attacks by redirecting users to malicious sites that appear to originate from the trusted WeGIA domain, increasing the likelihood of credential theft or malware installation. The vulnerability does not require authentication but does require user interaction, such as clicking a crafted link. The CVSS 4.8 score reflects a medium severity, considering the network attack vector, low attack complexity, no privileges required, but user interaction needed, and limited impact on confidentiality and integrity. The vulnerability is fixed in WeGIA version 3.6.2, and users are advised to upgrade to this or later versions to remediate the issue. No public exploits have been reported, but the risk remains due to the potential for social engineering attacks leveraging this flaw.

For European organizations, especially charitable institutions using WeGIA, this vulnerability poses a risk of social engineering attacks that can lead to phishing, credential compromise, and malware infections. Since WeGIA is used to manage sensitive data and operations for charities, exploitation could undermine trust in these organizations and potentially lead to data breaches or financial fraud. The open redirect can be used to bypass security filters and convince users to visit malicious sites under the guise of a trusted domain, increasing the effectiveness of attacks. Although the vulnerability does not directly compromise system integrity or availability, the indirect consequences of successful phishing or malware campaigns can be severe, including reputational damage and regulatory penalties under GDPR if personal data is compromised. The medium severity indicates a moderate risk, but the impact can be amplified depending on the scale of deployment and user awareness.

European organizations using WeGIA should immediately upgrade to version 3.6.2 or later where the vulnerability is patched. Until the upgrade is applied, organizations should implement strict URL filtering and monitoring to detect and block suspicious redirects originating from the WeGIA domain. User education campaigns should be conducted to raise awareness about phishing risks and the dangers of clicking on unexpected links, even if they appear to come from trusted sources. Web application firewalls (WAFs) can be configured to detect and block requests with suspicious nextPage parameter values. Additionally, organizations should audit their WeGIA deployments to identify any customizations that might affect the patching process and ensure that all instances are updated. Logging and monitoring for unusual redirect patterns can help detect exploitation attempts early. Finally, consider implementing Content Security Policy (CSP) headers to restrict the domains to which users can be redirected.