Improper Restriction of Rendered UI Layers or Frames in WeGIA - CVE-2026-23731

 


Published: April 23, 2026


Vulnerability identifier: #VU127305
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23731
CWE-ID: CWE-1021
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: LabReDeS
Affected software:
WeGIA

Detailed vulnerability description

The vulnerability allows a remote attacker to perform UI redressing attacks and trigger unauthorized actions.

The vulnerability exists due to improper restriction of rendered UI layers or frames in the web application when handling framed page loads. A remote attacker can embed the application in a malicious page and trick a user into clicking disguised elements to perform UI redressing attacks and trigger unauthorized actions.

User interaction is required, and exploitation relies on the victim having an active session.
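
A general check for this class of weakness (CWE-1021), added here as an example and not taken from the advisory or from WeGIA's code: it classifies a response's headers by whether browsers would restrict framing. It assumes the standard `X-Frame-Options` and CSP `frame-ancestors` semantics; the advisory does not say which control the vendor update uses, and the sample headers are constructed.

```python
# Added example: classify a response's anti-framing posture (CWE-1021).
# Assumes standard browser handling of X-Frame-Options and CSP frame-ancestors.
PERMISSIVE = {"*", "http:", "https:"}  # sources that match arbitrary origins

def frame_ancestors(csp_value):
    """Return the frame-ancestors source list of one CSP value, or None if absent."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]  # empty list behaves like 'none'
    return None

def framing_posture(headers):
    """headers: list of (name, value) pairs. Returns (verdict, reason)."""
    policies, xfo = [], set()
    for name, value in headers:
        key = name.strip().lower()
        if key == "content-security-policy":  # the -Report-Only variant is not enforced
            fa = frame_ancestors(value)
            if fa is not None:
                policies.append(fa)
        elif key == "x-frame-options":
            xfo.update(v.strip().upper() for v in value.split(",") if v.strip())
    if policies:
        # An enforced frame-ancestors directive makes browsers ignore X-Frame-Options.
        # Every enforced policy must allow the embedder, so one strict policy suffices.
        if any(not PERMISSIVE & set(src) for src in policies):
            return ("restricted", "CSP frame-ancestors limits embedding origins")
        return ("weak", "CSP frame-ancestors allows arbitrary origins")
    if xfo and xfo <= {"DENY", "SAMEORIGIN"}:
        return ("restricted", "X-Frame-Options " + "/".join(sorted(xfo)))
    if xfo:
        return ("weak", "X-Frame-Options value not honoured: " + ", ".join(sorted(xfo)))
    return ("unprotected", "no enforced anti-framing header")

# Constructed sample responses, not captured from any real deployment.
SAMPLES = {
    "no headers": [("Content-Type", "text/html")],
    "report-only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
    "xfo": [("X-Frame-Options", "SAMEORIGIN")],
    "allow-from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "csp self": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    "csp wildcard": [("Content-Security-Policy", "frame-ancestors *"), ("X-Frame-Options", "DENY")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, framing_posture(hdrs))
```

Feed it the header pairs from responses of authenticated pages in your own deployment; any verdict other than `restricted` means the page can still be embedded by another origin.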


How to mitigate CVE-2026-23731

Install the security update from the vendor's website.

Sources