Platform
php
Component
wegia
Fixed in
3.6.6
CVE-2026-28408 is a critical vulnerability affecting WeGIA, a web manager for charitable institutions. This flaw allows unauthorized data injection into the application server's storage, potentially leading to data manipulation and disruption of services. The vulnerability exists in versions of WeGIA prior to 3.6.5 and has been resolved with the release of version 3.6.5.
The core of this vulnerability lies in the adicionartipodocs_atendido.php script, which lacks proper authentication and permission checks. This means an attacker can bypass standard security controls and directly interact with the script using tools like Postman or by directly accessing its URL. The impact is significant: attackers can inject large quantities of unauthorized data into the application's storage. This could involve modifying critical data related to donations, beneficiaries, or internal records, potentially leading to financial loss, reputational damage, and operational disruption for the charitable institution. The lack of authentication means any external party with network access to the WeGIA instance is potentially at risk.
CVE-2026-28408 was publicly disclosed on 2026-02-27. There is currently no indication of active exploitation campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet available, but the vulnerability's simplicity suggests that one may emerge relatively quickly.
Exploit Status
EPSS
0.08% (23% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-28408 is to immediately upgrade WeGIA to version 3.6.5 or later. If upgrading is not immediately feasible due to compatibility concerns or downtime requirements, consider implementing a Web Application Firewall (WAF) rule to block direct access to the adicionartipodocsatendido.php script. Additionally, restrict network access to the WeGIA server to only authorized IP addresses. Regularly review and audit WeGIA configurations to ensure adherence to security best practices. After upgrade, confirm the vulnerability is resolved by attempting to access the adicionartipodocsatendido.php script with an unauthorized user account and verifying access is denied.
Update WeGIA to version 3.6.5 or higher. This version corrects the lack of authentication verification in the adicionar_tipo_docs_atendido.php script, preventing unauthorized access to employee-exclusive functions and the injection of unauthorized data.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-28408 is a critical vulnerability in WeGIA versions prior to 3.6.5 that allows attackers to inject unauthorized data into the application's storage due to missing authentication checks in a specific script.
You are affected if you are using WeGIA version 3.6.5 or earlier. Immediately check your WeGIA version and upgrade if necessary.
The recommended fix is to upgrade WeGIA to version 3.6.5 or later. As a temporary workaround, implement a WAF rule to block access to the vulnerable script.
There is currently no evidence of active exploitation, but the vulnerability's simplicity suggests it could be targeted in the future.
Refer to the WeGIA official website or security advisory channels for the latest information and updates regarding CVE-2026-28408.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.