
CVE-2026-23729: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in LabRedesCefetRJ WeGIA

Severity: Medium
Published: Fri Jan 16 2026 (01/16/2026, 19:47:10 UTC)
Source: CVE Database V5
Vendor/Project: LabRedesCefetRJ
Product: WeGIA

Description

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarDescricao and nomeClasse=ProdutoControle. The application fails to validate or restrict the nextPage parameter, allowing attackers to redirect users to arbitrary external websites. This can be abused for phishing attacks, credential theft, malware distribution, and social engineering using the trusted WeGIA domain. This vulnerability is fixed in 3.6.2.

AI-Powered Analysis

Last updated: 01/16/2026, 20:06:53 UTC

Technical Analysis

CVE-2026-23729 is an open redirect (CWE-601) in WeGIA, the web management software from LabRedesCefetRJ used primarily by charitable institutions. The flaw is in the /WeGIA/controle/control.php endpoint: when the request carries metodo=listarDescricao and nomeClasse=ProdutoControle, the value of the nextPage parameter is used as the redirect target without being validated or restricted to the application's own origin, so an attacker can craft a link on the legitimate WeGIA host that sends whoever follows it to an arbitrary external site. That lends the trust of the WeGIA domain to phishing, credential-theft, malware-distribution and social-engineering campaigns. No authentication is needed to build or trigger the redirect, but a victim must follow the crafted link, which is why the CVSS 4.0 vector records a network attack of low complexity with no privileges required and user interaction required. The direct impact on confidentiality and integrity is rated low; the practical risk lies in the follow-on deception. The issue is fixed in WeGIA 3.6.2, and no public exploit was known at the time of this analysis.

Potential Impact

For European organizations that run WeGIA, in particular charities, the risk is phishing and social engineering rather than direct compromise of the server. Because the crafted link genuinely points at the organization's own WeGIA host, it survives the usual advice to check that a link goes to a known domain, which raises the chance that a victim follows it to an attacker-controlled page and enters credentials or downloads malware. Downstream consequences include compromised user accounts, unauthorized access to sensitive data, and reputational damage. The medium CVSS score reflects the low direct technical impact; the social-engineering exposure is the reason to treat it as more than a cosmetic issue, and defenders should expect attempts to arrive by email or messaging rather than as direct attacks on the application.

Mitigation Recommendations

Upgrade WeGIA to 3.6.2 or later. Until that is done, restrict nextPage at the edge: a WAF or reverse-proxy rule on /WeGIA/controle/control.php should drop requests whose nextPage value, after URL decoding, carries a scheme (http:, https:, javascript:), starts with // or /\ (protocol-relative and backslash forms that browsers resolve to a different host), or contains control characters; a value that is not a single-slash path on the application's own origin has no legitimate use in this parameter. Exploitation is visible in the web server's access log as requests to control.php with an external nextPage followed by a redirect response, so alert on that pattern; outbound traffic to unknown domains originates from victims' browsers, not from the server, and is a weaker signal. Tell users that a link can point at the real WeGIA host and still land elsewhere, so they should check where they end up before entering credentials. URL filtering and anti-phishing controls at the mail gateway reduce the chance that such links reach users, and routine vulnerability scanning and patch management catch the next issue of this kind.
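The check that the fixed endpoint needs, and a way to spot attempts in the web server's access log, as an added Python example that is not WeGIA code (the project itself is PHP) and is not taken from the advisory. It assumes nothing about WeGIA internals beyond the endpoint and parameter names above: the internal page /WeGIA/html/home.php, the IP addresses and the log lines are constructed, and the log layout is the common combined format. The validator accepts only an absolute path on the application's own origin and rejects the variants that naive host comparisons miss (protocol-relative //host, ///host, backslash /\host, and control characters).

```python
"""Added example (not WeGIA code, which is PHP): a same-origin check for a
'nextPage'-style redirect parameter, plus a scanner that flags abuse of it in
combined-format access logs.  Sample log lines are constructed."""
import re
from urllib.parse import parse_qs, urlsplit

# A safe next page is an absolute path on this origin: exactly one leading "/",
# not followed by another "/" or "\" (browsers read "\" as "/" and collapse
# "///host" to "//host", i.e. a protocol-relative URL to another host), and no
# control characters (browsers strip tab/CR/LF, so "/\t/evil" would become
# "//evil"; CR/LF in a Location value would also allow header injection).
_SAFE_PATH = re.compile(r"^/(?![/\\])[^\\\r\n\t\x00-\x1f\x7f]*$")


def is_safe_next_page(value: str) -> bool:
    """True only if value can be emitted as a redirect target without leaving the site."""
    if not value:
        return False
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:  # https://..., javascript:..., //evil.example
        return False
    # Check the raw value, not the parsed one: urlsplit() treats "///evil.example"
    # as a path, while a browser treats it as host evil.example.
    return _SAFE_PATH.match(value) is not None


def safe_redirect_target(value: str, fallback: str = "/") -> str:
    """What the fixed endpoint should do: redirect to value only if it passes the check."""
    return value if is_safe_next_page(value) else fallback


# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)
_VULNERABLE_PATH = "/controle/control.php"  # endpoint named in the advisory


def scan_access_log(lines):
    """Return (ip, decoded nextPage, status) for requests that abuse nextPage."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        if not path.endswith(_VULNERABLE_PATH):
            continue
        params = parse_qs(query, keep_blank_values=True)  # percent-decodes once
        for next_page in params.get("nextPage", []):
            if not is_safe_next_page(next_page):
                hits.append((m.group("ip"), next_page, int(m.group("status"))))
    return hits


# Constructed sample: two exploitation attempts from 203.0.113.7 (absolute URL,
# then percent-encoded protocol-relative URL), followed by a legitimate redirect
# to a hypothetical internal page and a normal page load from 198.51.100.4.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Jan/2026:20:01:11 +0000] "GET /WeGIA/controle/control.php?metodo=listarDescricao&nomeClasse=ProdutoControle&nextPage=https://evil.example/login HTTP/1.1" 302 -
203.0.113.7 - - [16/Jan/2026:20:01:15 +0000] "GET /WeGIA/controle/control.php?metodo=listarDescricao&nomeClasse=ProdutoControle&nextPage=%2F%2Fevil.example%2F HTTP/1.1" 302 -
198.51.100.4 - - [16/Jan/2026:20:02:03 +0000] "GET /WeGIA/controle/control.php?metodo=listarDescricao&nomeClasse=ProdutoControle&nextPage=%2FWeGIA%2Fhtml%2Fhome.php HTTP/1.1" 302 -
198.51.100.4 - - [16/Jan/2026:20:02:40 +0000] "GET /WeGIA/html/home.php HTTP/1.1" 200 5120
"""

if __name__ == "__main__":
    for ip, target, status in scan_access_log(SAMPLE_LOG.splitlines()):
        print(f"{ip} -> open redirect attempt to {target!r} (HTTP {status})")
```

Python's urlsplit() alone is not a sufficient check: it parses ///evil.example as a path, while browsers resolve it to host evil.example, which is why the pattern is applied to the raw value after the scheme and authority test. For a WAF rule, apply the same test to the URL-decoded nextPage value. For log review, the scanner reports the attempt and the response status; a 302 only shows that the redirect was issued, not that a victim followed it.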


Technical Details

Data Version
5.2
Assigner Short Name
GitHub_M
Date Reserved
2026-01-15T15:45:01.956Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 696a96c8b22c7ad868e58b64

Added to database: 1/16/2026, 7:51:36 PM

Last enriched: 1/16/2026, 8:06:53 PM

Last updated: 1/17/2026, 4:01:37 AM
