CVE-2026-23727

6.1 MEDIUM

📋 TL;DR

This open redirect vulnerability in WeGIA allows attackers to redirect users to malicious external websites by manipulating the nextPage parameter. It affects all WeGIA installations prior to version 3.6.2. This can be exploited for phishing, credential theft, and malware distribution using the trusted WeGIA domain.

💻 Affected Systems

Products:
  • WeGIA
Versions: All versions prior to 3.6.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the /WeGIA/controle/control.php endpoint with metodo=listarTodos and nomeClasse=TipoSaidaControle parameters.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Users are redirected to sophisticated phishing sites that steal credentials or deliver malware, leading to account compromise, data breaches, and system infections.

🟠 Likely Case: Attackers use the trusted WeGIA domain to redirect users to phishing pages for credential harvesting or social engineering attacks.

🟢 If Mitigated: Users are protected from redirection attacks, maintaining trust in the WeGIA application and preventing credential theft.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only URL manipulation and no authentication, making it trivial for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.2

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-pmq9-8p4w-m4f3

Restart Required: No

Instructions:

1. Download WeGIA version 3.6.2 from the official repository.
2. Replace the existing installation with the updated files.
3. Verify the fix by testing the vulnerable endpoint.

🔧 Temporary Workarounds

Input Validation Filter
Applies to: all

Add server-side validation that restricts the nextPage parameter to relative paths or an allowlist of permitted domains.

Modify control.php to validate the nextPage parameter against an allowlist of permitted URLs.

Web Application Firewall Rule
Applies to: all

Block requests that carry an external URL in the nextPage parameter.

Add a WAF rule that detects and blocks patterns such as 'http://' or 'https://' in the nextPage parameter.
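As an added example (not WeGIA code and not from the advisory), the following Python function shows the server-side check that both workarounds above describe: it accepts only relative paths or absolute http(s) URLs whose host is on an allowlist, and it rejects the spellings that a bare 'http://' / 'https://' pattern misses (protocol-relative //host, backslash and percent-encoded variants, non-HTTP schemes, header-splitting control characters). The allowlist host wegia.example.org and the default landing page are assumed placeholders; the logic ports directly into control.php before the redirect is issued.

```python
from urllib.parse import unquote, urlsplit

# Assumed placeholder: the host(s) this WeGIA instance is served from.
ALLOWED_HOSTS = frozenset({"wegia.example.org"})
# Assumed placeholder landing page used when a nextPage value is rejected.
DEFAULT_NEXT_PAGE = "/WeGIA/html/home.php"


def is_safe_next_page(value: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only when `value` is a same-site redirect target.

    Accepted: relative paths ("/WeGIA/html/home.php", "home.php?id=1") and
    absolute http(s) URLs whose host is in `allowed_hosts`.
    Rejected: empty values, control characters, non-http schemes
    (javascript:, data:), protocol-relative "//host", and the backslash or
    percent-encoded spellings that browsers treat the same way.
    """
    if not value:
        return False
    # Decode once so "%2F%2Fevil.example" is judged as "//evil.example".
    candidate = unquote(value).strip()
    # Control characters inside a Location header can split or truncate it.
    if any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in candidate):
        return False
    # Browsers treat "\" like "/" when parsing http URLs, so normalise first.
    candidate = candidate.replace("\\", "/")
    # "//host", "///host" and similar resolve to an external origin without a scheme.
    if candidate.startswith("//"):
        return False
    parts = urlsplit(candidate)
    if parts.scheme:
        # Absolute URL: only http(s) to an allowlisted host is acceptable.
        # urlsplit lower-cases scheme and hostname and strips userinfo, so
        # "http://allowed@evil.example" yields hostname "evil.example".
        return parts.scheme in ("http", "https") and parts.hostname in allowed_hosts
    # No scheme and no leading "//": a path relative to this site.
    return True


def safe_next_page(value: str, default: str = DEFAULT_NEXT_PAGE) -> str:
    """Return `value` if it passes validation, otherwise the default landing page."""
    return value if is_safe_next_page(value) else default


if __name__ == "__main__":
    for sample in ("/WeGIA/html/home.php", "http://malicious.example",
                   "//malicious.example", "/\\malicious.example", "javascript:alert(1)"):
        print(f"{sample!r:35} -> {safe_next_page(sample)}")
```

Validating against an allowlist of hosts rather than blocking known-bad patterns is what makes the check robust: every new encoding trick still has to produce a relative path or an allowlisted host to pass.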

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to restrict redirections.
  • Monitor logs for suspicious redirect patterns and block malicious IP addresses.

🔍 How to Verify

Check if Vulnerable:

Request the endpoint /WeGIA/controle/control.php?metodo=listarTodos&nomeClasse=TipoSaidaControle&nextPage=http://malicious.com and check whether the response redirects to that external host.

Check Version:

Check the WeGIA version in the application interface or configuration files.

Verify Fix Applied:

After patching, test the same endpoint with external URLs; it should not redirect or should show an error.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to control.php with external URLs in the nextPage parameter
  • Unusual redirect patterns in access logs

Network Indicators:

  • Outbound connections to suspicious domains following WeGIA access

SIEM Query:

source="web_logs" AND url="*control.php*" AND (nextPage="http://*" OR nextPage="https://*")
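As an added example that is not part of the advisory, this Python snippet applies the log indicator above to constructed Apache-style access-log lines: it parses each request line, extracts the nextPage value from control.php requests, and reports any value that resolves to a host other than the site's own. Unlike the literal 'http://' / 'https://' match in the SIEM query, it also catches percent-encoded and protocol-relative forms such as %2F%2Fhost, and it records whether the server actually answered with a redirect status. The IP addresses, timestamps and hostnames in the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache "combined" format (not from any real host).
# Lines 1-2 carry external nextPage values (absolute, and percent-encoded
# protocol-relative); line 3 is a benign relative path; line 4 is unrelated.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2026:10:01:02 +0000] "GET /WeGIA/controle/control.php?metodo=listarTodos&nomeClasse=TipoSaidaControle&nextPage=http://malicious.example HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.11 - - [12/Mar/2026:10:01:05 +0000] "GET /WeGIA/controle/control.php?metodo=listarTodos&nomeClasse=TipoSaidaControle&nextPage=%2F%2Fmalicious.example HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.12 - - [12/Mar/2026:10:01:09 +0000] "GET /WeGIA/controle/control.php?metodo=listarTodos&nomeClasse=TipoSaidaControle&nextPage=/WeGIA/html/home.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.13 - - [12/Mar/2026:10:02:00 +0000] "GET /WeGIA/html/home.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
REDIRECT_STATUSES = {"301", "302", "303", "307", "308"}


def external_host(value: str):
    """Host a browser would be sent to if `value` is an absolute or
    protocol-relative URL; None for a same-site relative path.
    An empty string means a non-http scheme or malformed authority, which is
    still worth flagging."""
    v = value.strip().replace("\\", "/")
    if v.startswith("//"):
        v = "http:" + v  # give urlsplit a scheme so it extracts the host
    parts = urlsplit(v)
    if parts.scheme:
        return parts.hostname or ""
    return None


def external_redirect_requests(log_text: str, own_hosts=frozenset()):
    """Return one record per control.php request whose nextPage points off-site."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a recognisable request line
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/control.php"):
            continue
        # parse_qs percent-decodes once, so "%2F%2F" is seen as "//".
        for value in parse_qs(parts.query, keep_blank_values=True).get("nextPage", []):
            host = external_host(value)
            if host is None or host in own_hosts:
                continue
            hits.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "host": host,
                "next_page": value,
                "redirected": m.group("status") in REDIRECT_STATUSES,
            })
    return hits


if __name__ == "__main__":
    for hit in external_redirect_requests(SAMPLE_LOG):
        print(hit)
```

Pass the hosts your own WeGIA instance is served from as own_hosts so that legitimate absolute links back to the application are not reported; the redirected flag separates successful redirects (a patched server should answer without one) from mere probing.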
