Open Redirect Vulnerability in WeGIA Web Manager for Charitable Institutions
CVE-2026-35398

5.1MEDIUM

Key Information:

Vendor: Labredescefetrj
Status: Wegia
Vendor: CVE Published:; 6 April 2026

🔔 Create Labredescefetrj Vulnerability Alert

What is CVE-2026-35398?

The WeGIA Web Manager, designed for charitable institutions, has an Open Redirect vulnerability in its control.php endpoint affecting versions prior to 3.6.9. This flaw arises from inadequate validation of the nextPage parameter, particularly when used with certain request methods. Attackers can exploit this by redirecting users to malicious external sites, facilitating phishing campaigns, credential theft, malware infections, and social engineering attacks while maintaining the trust associated with the WeGIA domain. The issue has been rectified in version 3.6.9.

Affected Version(s)

WeGIA < 3.6.9

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisor...

x_refsource_CONFIRM

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2026
Vulnerability Reserved
Apr 2, 2026

CVE-2026-35398 Data

JSON