CVE-2026-45335: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in LabRedesCefetRJ WeGIA
CVE-2026-45335 is an Open Redirect vulnerability in the WeGIA web manager for charitable institutions. The flaw exists in versions prior to 3. 7. 3 within the /WeGIA/controle/control. php endpoint, specifically involving the nextPage parameter when used with certain query parameters. The application does not properly validate or restrict this parameter, enabling attackers to redirect users to arbitrary external sites. This can facilitate phishing, credential theft, malware distribution, and social engineering attacks leveraging the trusted WeGIA domain. The vulnerability has a medium severity rating and a CVSS score of 5. 4. It is fixed in version 3.
AI Analysis
Technical Summary
The vulnerability CVE-2026-45335 is an Open Redirect issue in the WeGIA application by LabRedesCefetRJ. It occurs in the /WeGIA/controle/control.php endpoint when the nextPage parameter is combined with metodo=listarTodos and nomeClasse=InternoControle. The application fails to validate or restrict the nextPage parameter, allowing attackers to redirect users to arbitrary external URLs. This can be exploited to conduct phishing or social engineering attacks by redirecting users from a trusted domain to malicious sites. The issue affects versions earlier than 3.7.3 and is resolved in version 3.7.3.
Potential Impact
Successful exploitation allows attackers to redirect users to arbitrary external websites, potentially leading to phishing, credential theft, malware distribution, or social engineering attacks. The vulnerability impacts confidentiality and integrity to a limited extent but does not affect availability. No known active exploitation has been reported.
Mitigation Recommendations
Upgrade WeGIA to version 3.7.3 or later, where this Open Redirect vulnerability is fixed. Since the product is not a cloud service, remediation depends on applying this official fix. Patch status is confirmed by the vendor advisory indicating the issue is resolved in 3.7.3.
CVE-2026-45335: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in LabRedesCefetRJ WeGIA
Description
CVE-2026-45335 is an Open Redirect vulnerability in the WeGIA web manager for charitable institutions. The flaw exists in versions prior to 3. 7. 3 within the /WeGIA/controle/control. php endpoint, specifically involving the nextPage parameter when used with certain query parameters. The application does not properly validate or restrict this parameter, enabling attackers to redirect users to arbitrary external sites. This can facilitate phishing, credential theft, malware distribution, and social engineering attacks leveraging the trusted WeGIA domain. The vulnerability has a medium severity rating and a CVSS score of 5. 4. It is fixed in version 3.
CVSS v3.1
Score 5.4medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-45335 is an Open Redirect issue in the WeGIA application by LabRedesCefetRJ. It occurs in the /WeGIA/controle/control.php endpoint when the nextPage parameter is combined with metodo=listarTodos and nomeClasse=InternoControle. The application fails to validate or restrict the nextPage parameter, allowing attackers to redirect users to arbitrary external URLs. This can be exploited to conduct phishing or social engineering attacks by redirecting users from a trusted domain to malicious sites. The issue affects versions earlier than 3.7.3 and is resolved in version 3.7.3.
Potential Impact
Successful exploitation allows attackers to redirect users to arbitrary external websites, potentially leading to phishing, credential theft, malware distribution, or social engineering attacks. The vulnerability impacts confidentiality and integrity to a limited extent but does not affect availability. No known active exploitation has been reported.
Mitigation Recommendations
Upgrade WeGIA to version 3.7.3 or later, where this Open Redirect vulnerability is fixed. Since the product is not a cloud service, remediation depends on applying this official fix. Patch status is confirmed by the vendor advisory indicating the issue is resolved in 3.7.3.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-11T21:40:08.176Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a171ce8e29bf47b50d1ded7
Added to database: 5/27/2026, 4:33:44 PM
Last enriched: 5/27/2026, 4:49:06 PM
Last updated: 5/27/2026, 5:57:44 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.