CVE-2026-23730
📋 TL;DR
This CVE describes an Open Redirect vulnerability in WeGIA web manager for charitable institutions. Attackers can redirect users to malicious external websites via the /WeGIA/controle/control.php endpoint, potentially enabling phishing and credential theft. All WeGIA installations prior to version 3.6.2 are affected.
💻 Affected Systems
- WeGIA
📦 What is this software?
WeGIA by WeGIA
⚠️ Risk & Real-World Impact
Worst Case
Users are redirected to sophisticated phishing sites that steal credentials or distribute malware, leading to account compromise and potential organizational data breaches.
Likely Case
Attackers use the trusted WeGIA domain to redirect users to phishing pages, increasing success rates for credential harvesting campaigns.
If Mitigated
With proper input validation and URL whitelisting, redirects are restricted to trusted internal pages only.
🎯 Exploit Status
Exploitation requires no authentication and involves simple URL manipulation with predictable parameters.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.6.2
Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-6gx4-6gwv-cxc3
Restart Required: Yes
Instructions:
1. Back up the current WeGIA installation and database.
2. Download WeGIA 3.6.2 from the official repository.
3. Replace the existing files with the patched version.
4. Restart the web server service.
🔧 Temporary Workarounds
Input Validation Filter
Add server-side validation to restrict the nextPage parameter to internal URLs only
Modify /WeGIA/controle/control.php to validate nextPage parameter against whitelist of allowed domains
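The check described above, written as an added Python illustration rather than WeGIA's own (PHP) code; the fallback page and the host allow-list are assumptions, and the same logic would need to be ported into control.php:

```python
import re
from urllib.parse import urlsplit, unquote

# Placeholder landing page used when nextPage is rejected (assumption, not a WeGIA path)
DEFAULT_TARGET = "/WeGIA/index.php"


def is_safe_next_page(value, allowed_hosts=()):
    """Return True only if value is a site-local path or an https URL to an allow-listed host."""
    if not isinstance(value, str) or not value:
        return False
    # Decode once so "%2F%2Fevil.com" is judged as "//evil.com"
    decoded = unquote(value)
    # CR/LF or other control characters would let the value break the Location header
    if re.search(r"[\s\x00-\x1f\x7f]", decoded):
        return False
    # Browsers treat a backslash like a slash, so "/\evil.com" is really "//evil.com"
    normalized = decoded.replace("\\", "/")
    parts = urlsplit(normalized)
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: only https to an explicitly allowed host.
        # hostname strips userinfo and port, so "https://good@evil.com" yields "evil.com".
        host = (parts.hostname or "").lower()
        return parts.scheme == "https" and host in {h.lower() for h in allowed_hosts}
    # Relative target: a single leading slash, never "//" (protocol-relative)
    return normalized.startswith("/") and not normalized.startswith("//")


def safe_redirect_target(value, allowed_hosts=(), default=DEFAULT_TARGET):
    """Return the caller-supplied target when it passes validation, else the default page."""
    return value if is_safe_next_page(value, allowed_hosts) else default


if __name__ == "__main__":
    # Constructed samples mirroring the advisory's test URL and common bypass shapes
    for candidate in ["https://evil.com", "//evil.com", "/\\evil.com",
                      "/%2F%2Fevil.com", "/WeGIA/html/home.php?x=1"]:
        print(f"{candidate!r:35} -> {safe_redirect_target(candidate)}")
```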
Web Application Firewall Rule
Block requests containing external URLs in the nextPage parameter
Add WAF rule to detect and block: /WeGIA/controle/control.php?.*nextPage=.*(http|https)://.*
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to restrict redirect destinations
- Deploy web application firewall with open redirect detection rules
🔍 How to Verify
Check if Vulnerable:
Test by accessing: /WeGIA/controle/control.php?metodo=listarTodos&nomeClasse=ProdutoControle&nextPage=https://evil.com
Check Version:
Check the WeGIA version in the admin panel or review the application files for version markers
Verify Fix Applied:
After patching, the same test should result in an error or a redirect to an internal page only
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /WeGIA/controle/control.php with external URLs in nextPage parameter
- Multiple redirect responses from WeGIA endpoints
Network Indicators:
- Outbound connections from WeGIA server to unexpected external domains following user requests
SIEM Query:
source="web_server" AND uri="/WeGIA/controle/control.php" AND query="*nextPage=*http*"