
CVE-2026-23730: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in LabRedesCefetRJ WeGIA

Severity: Medium
Tags: Vulnerability, CVE-2026-23730, CWE-601
Published: Fri Jan 16 2026 (01/16/2026, 19:48:23 UTC)
Source: CVE Database V5
Vendor/Project: LabRedesCefetRJ
Product: WeGIA

Description

CVE-2026-23730 is an Open Redirect vulnerability in the WeGIA web management application used by charitable institutions. The flaw exists in versions prior to 3.6.2 within the /WeGIA/controle/control.php endpoint, specifically via the nextPage parameter when combined with certain query parameters. The application does not properly validate or restrict this parameter, allowing attackers to redirect users to arbitrary external sites. This can facilitate phishing, credential theft, malware distribution, and social engineering by exploiting the trusted WeGIA domain. The vulnerability has a medium severity score of 4.8 and does not require authentication but does require user interaction. No known exploits are currently reported in the wild.

AI-Powered Analysis

Last updated: 01/23/2026, 20:37:45 UTC

Technical Analysis

CVE-2026-23730 is classified as a CWE-601 Open Redirect vulnerability affecting the WeGIA web management system developed by LabRedesCefetRJ, primarily used by charitable institutions. The vulnerability is located in the /WeGIA/controle/control.php endpoint, where the nextPage parameter is used in conjunction with metodo=listarTodos and nomeClasse=ProdutoControle. The application fails to validate or restrict the nextPage parameter, allowing an attacker to craft URLs that redirect users to arbitrary external websites. This lack of validation means that an attacker can embed malicious URLs within links that appear to originate from the trusted WeGIA domain, increasing the likelihood of successful phishing or social engineering attacks. Exploitation does not require authentication but does require user interaction, such as clicking a malicious link. The CVSS v4.0 score is 4.8 (medium severity), reflecting the network attack vector, low complexity, no privileges required, but user interaction needed, and limited impact on confidentiality and integrity. Although no known exploits are currently reported in the wild, the vulnerability poses a risk for targeted phishing campaigns leveraging the trust in the WeGIA platform. The issue was addressed and fixed in version 3.6.2 of the software.

Potential Impact

For European organizations using WeGIA, particularly charitable institutions or NGOs, this vulnerability could be exploited to conduct phishing attacks that leverage the trusted WeGIA domain to deceive users into visiting malicious sites. This could lead to credential theft, malware infections, or social engineering attacks targeting employees, donors, or beneficiaries. The impact on confidentiality and integrity is limited but non-negligible due to potential credential compromise and subsequent lateral attacks. Availability is not directly affected. Given the nature of the affected organizations, reputational damage and loss of donor trust could be significant. The medium CVSS score reflects moderate risk, but the actual impact depends on the extent of WeGIA deployment and user awareness. Since exploitation requires user interaction, effective user training can reduce risk. However, the lack of input validation represents a systemic weakness that must be addressed to prevent misuse.

Mitigation Recommendations

European organizations using WeGIA should immediately upgrade to version 3.6.2 or later where the vulnerability is patched. Until the upgrade is applied, organizations should implement strict input validation and sanitization on the nextPage parameter at the web application firewall (WAF) or reverse proxy level to block URLs containing external redirects. Security teams should monitor logs for suspicious redirect attempts and educate users about the risks of clicking unexpected links, even if they appear to originate from trusted domains. Implementing Content Security Policy (CSP) headers can help mitigate the impact of redirected malicious content. Additionally, organizations should conduct phishing awareness campaigns tailored to the context of WeGIA usage. Regular vulnerability scanning and penetration testing should include checks for open redirect vulnerabilities. Finally, coordinate with the vendor for any interim patches or mitigations if upgrading is delayed.
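As an added illustration of the Technical Analysis and Mitigation Recommendations above (this is example code, not WeGIA's own fix), the function below applies the kind of strict nextPage validation a reverse proxy, WAF or the application itself could enforce, and then scans constructed access-log lines for values that fail it. The allowed path prefix, the function names, the IP addresses and the log lines are assumptions made for the example.

```python
import re
from urllib.parse import unquote, urlsplit

# Hypothetical allowed prefix: the app only ever redirects inside this tree.
ALLOWED_PREFIX = "/WeGIA/"


def is_safe_next_page(value: str) -> bool:
    """True only for a same-site, path-only redirect target."""
    # Decode twice so %2F%2F or %252F%252F cannot hide a scheme-relative URL;
    # treat backslash as slash because browsers normalise it that way.
    decoded = unquote(unquote(value)).replace("\\", "/")
    if not decoded.startswith("/") or decoded.startswith("//"):
        return False  # absolute or scheme-relative URL: external target
    if re.search(r"[\x00-\x1f\x7f]", decoded):
        return False  # CR/LF or control characters: header-injection risk
    parts = urlsplit(decoded)
    if parts.scheme or parts.netloc:
        return False  # belt and braces: any scheme or host means external
    return decoded.startswith(ALLOWED_PREFIX)


def flag_redirect_attempts(log_lines):
    """Return (line, decoded nextPage) for requests whose nextPage fails validation."""
    hits = []
    for line in log_lines:
        m = re.search(r'[?&]nextPage=([^&\s"]+)', line)
        if m and not is_safe_next_page(m.group(1)):
            hits.append((line, unquote(m.group(1))))
    return hits


# Constructed access-log lines (not real WeGIA traffic) hitting the affected endpoint.
ENDPOINT = "/WeGIA/controle/control.php?metodo=listarTodos&nomeClasse=ProdutoControle"
SAMPLE_LOG_LINES = [
    f'10.0.0.5 - - [16/Jan/2026:19:48:23 +0000] "GET {ENDPOINT}&nextPage=/WeGIA/html/home.php HTTP/1.1" 302',
    f'10.0.0.7 - - [16/Jan/2026:19:49:02 +0000] "GET {ENDPOINT}&nextPage=https://attacker.example/login HTTP/1.1" 302',
    f'10.0.0.7 - - [16/Jan/2026:19:49:40 +0000] "GET {ENDPOINT}&nextPage=%2F%2Fattacker.example HTTP/1.1" 302',
    f'10.0.0.7 - - [16/Jan/2026:19:50:11 +0000] "GET {ENDPOINT}&nextPage=/%5Cattacker.example HTTP/1.1" 302',
]

if __name__ == "__main__":
    for line, target in flag_redirect_attempts(SAMPLE_LOG_LINES):
        print("suspicious nextPage:", target)
```

Only the first sample line passes; the other three are flagged because their targets resolve to a host outside the application, even though two of them never contain a literal scheme.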


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-01-15T15:45:01.956Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 696a96c8b22c7ad868e58b69

Added to database: 1/16/2026, 7:51:36 PM

Last enriched: 1/23/2026, 8:37:45 PM

Last updated: 2/7/2026, 11:41:22 AM
