Open Redirect Vulnerability in WeGIA Web Manager for Charitable Institutions
CVE-2026-45335

5.4MEDIUM

Key Information:

Vendor: Labredescefetrj
Status: Wegia
Vendor: CVE Published:; 27 May 2026

🔔 Create Labredescefetrj Vulnerability Alert

What is CVE-2026-45335?

An open redirect vulnerability exists in the WeGIA web management application for charitable institutions, specifically in the /WeGIA/controle/control.php endpoint. The issue arises from improper validation of the nextPage parameter, which, when used with the metodo=listarTodos and nomeClasse=InternoControle parameters, allows an attacker to redirect users to malicious external sites. This flaw poses a significant risk, as it can facilitate phishing attacks, credential theft, and the distribution of malware by exploiting the trust users place in the WeGIA domain. The vulnerability has been addressed in version 3.7.3.

Affected Version(s)

WeGIA < 3.7.3

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisor...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 11, 2026

CVE-2026-45335 Data

JSON