CVE-2026-28409
Received Received - Intake
Critical RCE in WeGIA Database Restore via Crafted Filename

Publication date: 2026-02-27

Last updated on: 2026-03-03

Assigner: GitHub, Inc.

Description
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution (RCE) vulnerability exists in the WeGIA application's database restoration functionality. An attacker with administrative access (which can be obtained via the previously reported Authentication Bypass) can execute arbitrary OS commands on the server by uploading a backup file with a specifically crafted filename. Version 3.6.5 fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-27
Last Modified
2026-03-03
Generated
2026-06-16
AI Q&A
2026-02-28
EPSS Evaluated
2026-06-14
NVD
CVE-2026-28409
EUVD
EUVD-2026-9080
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wegia wegia to 3.6.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the WeGIA web manager for charitable institutions prior to version 3.6.5. It is a critical Remote Code Execution (RCE) flaw in the application's database restoration functionality. An attacker who has administrative access can exploit this by uploading a backup file with a specially crafted filename, which allows them to execute arbitrary operating system commands on the server.

Administrative access can be obtained through a previously reported Authentication Bypass vulnerability, making this RCE vulnerability particularly dangerous.

The issue is fixed in version 3.6.5 of WeGIA.

Impact Analysis

This vulnerability can have severe impacts because it allows an attacker with administrative access to execute arbitrary commands on the server hosting the WeGIA application.

  • Complete compromise of the server, including access to sensitive data.
  • Potential disruption or destruction of data and services.
  • Use of the compromised server as a launch point for further attacks.
  • Loss of trust and damage to the reputation of the charitable institution using WeGIA.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, immediately upgrade the WeGIA application to version 3.6.5 or later, as this version contains the fix for the critical Remote Code Execution issue.

Additionally, restrict administrative access to trusted users only, since the vulnerability requires administrative privileges to be exploited.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28409. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart