Open redirect in WeGIA - CVE-2026-23727

 


Published: April 23, 2026


Vulnerability identifier: #VU127312
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23727
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: LabReDeS
Affected software:
WeGIA

Detailed vulnerability description

The vulnerability allows a remote user to redirect users to arbitrary external websites.

The vulnerability exists due to URL redirection to an untrusted site in the control.php endpoint, which does not restrict the destination supplied in the nextPage parameter when the request is made with metodo=listarTodos and nomeClasse=TipoSaidaControle. A remote user can send a specially crafted request to redirect users to arbitrary external websites.

User interaction is required for the victim to follow the crafted link or request.
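
For log review, the following added example (not part of the advisory or of WeGIA's code) flags requests to control.php whose nextPage value resolves to a host outside the deployment. The trusted hostname, the request path prefix and the log lines are constructed assumptions; the check covers any control.php request carrying nextPage, not only the metodo/nomeClasse combination named above.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: hostnames that legitimately serve this WeGIA instance.
TRUSTED_HOSTS = {"wegia.example.org"}
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def is_offsite(target, trusted=TRUSTED_HOSTS):
    """Return True when a nextPage value would leave the trusted hosts."""
    # Browsers treat "\" like "/" and drop tabs and newlines inside URLs.
    cleaned = re.sub(r"[\t\r\n]", "", target.strip().replace("\\", "/"))
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return True  # unparseable authority: treat as suspicious
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return True  # a next page is never a non-HTTP scheme
    host = parts.hostname
    return host is not None and host not in trusted

def suspicious_redirects(log_lines):
    """Return (client_ip, nextPage) for control.php requests pointing off-site."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path.rsplit("/", 1)[-1] != "control.php":
            continue
        # parse_qs percent-decodes each value once, as the server would.
        for value in parse_qs(url.query).get("nextPage", []):
            if is_offsite(value):
                hits.append((line.split()[0], value))
    return hits

# Constructed access-log lines (combined log format), not from a real system.
_Q = "/control.php?metodo=listarTodos&nomeClasse=TipoSaidaControle&nextPage="
SAMPLE_LOG = [
    f'198.51.100.10 - - [23/Apr/2026:10:00:01 +0000] "GET {_Q}home.php HTTP/1.1" 302 0',
    f'203.0.113.7 - - [23/Apr/2026:10:01:02 +0000] "GET {_Q}https%3A%2F%2Flogin.example.net%2F HTTP/1.1" 302 0',
    f'203.0.113.7 - - [23/Apr/2026:10:01:09 +0000] "GET {_Q}%2F%2Fexample.net%2Fa HTTP/1.1" 302 0',
    f'198.51.100.10 - - [23/Apr/2026:10:02:00 +0000] "GET {_Q}https%3A%2F%2Fwegia.example.org%2Fhome.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, value in suspicious_redirects(SAMPLE_LOG):
        print(ip, value)
```

Relative values and absolute URLs on the trusted host pass; absolute, scheme-relative and backslash-prefixed values naming another host are reported.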


How to mitigate CVE-2026-23727

Install the security update from the vendor's website.

Sources