CVE-2026-23729 - Wegia Wegia

January 16, 2026

Moderate 6.1

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarDescricao and nomeClasse=ProdutoControle. The application fails to validate or restrict the nextPage parameter, allowing attackers to redirect users to arbitrary external websites. This can be abused for phishing attacks, credential theft, malware distribution, and social engineering using the trusted WeGIA domain. This vulnerability is fixed in 3.6.2.

Affected software

Wegia Wegia

Reference links

https://github.com/LabRedesCefetRJ/WeGIA/pull/1333
https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.2
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w88p-v7h6-m728

CVE-2026-23729 - Wegia Wegia

Affected software

Reference links

Get alerted to vulnerabilities in your software