CVE-2026-35474
Open Redirect in WeGIA Webapp Allows Phishing Attacks
Publication date: 2026-04-06
Last updated on: 2026-04-10
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wegia | wegia | up to 3.6.9 (excluding 3.6.9) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying HTTP requests to the WeGIA web application that include a redirect parameter in the URL, which is used without validation. Specifically, look for requests where the redirect parameter points to an external or suspicious URL.
A practical way to detect this on your system or network is to monitor HTTP logs or capture traffic and search for URLs containing the redirect parameter with external domains.
Example commands to detect such requests include:
- Using grep on web server logs to find redirect parameters: `grep -i 'redirect=' /path/to/access.log`
- Using curl to test whether the redirect parameter causes an open redirect: `curl -I 'http://your-wegia-server/WeGIA/html/configuracao/atualizacao.php?redirect=https://evil.com/fake-login'`
- Using a network traffic capture tool such as tcpdump or Wireshark to filter HTTP GET requests containing `redirect=` in the URL.
Can you explain this vulnerability to me?
This vulnerability is an open redirect found in the WeGIA web application prior to version 3.6.9. The issue arises because the redirect parameter is taken directly from user input ($_GET) without any validation or whitelist checks. This parameter is then used directly in an HTTP header call ("Location: ..."), allowing attackers to redirect users to arbitrary external sites.
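As an added example (not code from this page or from the WeGIA project), the following Python script implements the same-site, path-only allowlist check that the explanation above says the unpatched code lacked, and applies it to the redirect parameter of the access-log requests the detection answer describes, flagging those whose target leaves the site. The endpoint path is the one quoted on this page; the client addresses, the `example.invalid` host and the log lines are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint path quoted on the page; everything else below is constructed sample data.
VULNERABLE_PATH = "/WeGIA/html/configuracao/atualizacao.php"


def is_safe_redirect(target: str) -> bool:
    """Accept only a same-site path (the allowlist check missing before WeGIA 3.6.9).

    Rejects absolute URLs, protocol-relative '//host' forms and the
    '/\\host' backslash variant, all of which browsers resolve to another origin.
    """
    t = unquote(target).strip()
    if not t.startswith("/"):
        return False
    if t.startswith(("//", "/\\")):
        return False
    parts = urlsplit(t)
    return parts.scheme == "" and parts.netloc == ""


# Matches the request line inside a common/combined access-log entry.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def find_external_redirects(log_lines):
    """Return (request_path, redirect_value) for redirect parameters that fail the check."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        for value in parse_qs(url.query).get("redirect", []):
            if not is_safe_redirect(value):
                hits.append((url.path, value))
    return hits


# Constructed sample log lines; not taken from any real deployment.
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Apr/2026:10:00:01 +0000] "GET /WeGIA/html/configuracao/atualizacao.php?redirect=%2FWeGIA%2Fhtml%2Fhome.php HTTP/1.1" 302 0',
    '203.0.113.7 - - [06/Apr/2026:10:00:02 +0000] "GET /WeGIA/html/configuracao/atualizacao.php?redirect=https%3A%2F%2Fexample.invalid%2Flogin HTTP/1.1" 302 0',
    '203.0.113.9 - - [06/Apr/2026:10:00:03 +0000] "GET /WeGIA/html/configuracao/atualizacao.php?redirect=%2F%2Fexample.invalid HTTP/1.1" 302 0',
    '203.0.113.9 - - [06/Apr/2026:10:00:04 +0000] "GET /WeGIA/html/index.php HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for path, value in find_external_redirects(SAMPLE_LOG):
        print(f"external redirect via {path}: {value}")
```

The same `is_safe_redirect` logic, ported to PHP, is the shape of check to apply before passing the parameter to `header("Location: ...")`.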
How can this vulnerability impact me?
The open redirect vulnerability can be exploited by attackers to redirect users to malicious websites. This can lead to phishing attacks, where users are tricked into providing sensitive information, or to the distribution of malware. It undermines user trust and can be used to bypass security controls that rely on trusted URLs.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade the WeGIA web application to version 3.6.9 or later, where the open redirect issue has been fixed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability is an open redirect in the WeGIA web application prior to version 3.6.9, where the redirect parameter is used without validation. This type of vulnerability can potentially be exploited for phishing attacks or redirecting users to malicious sites, which may indirectly impact compliance with standards like GDPR or HIPAA by increasing the risk of unauthorized data exposure or user deception.
However, the provided information does not explicitly describe the direct impact of this vulnerability on compliance with GDPR, HIPAA, or other common standards and regulations.