Home > Vulnerability Database > CVE-2026-23731

Mend.io Vulnerability Database

CVE-2026-23731

Good to know:

Date: January 16, 2026

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with frame-ancestors directive is not configured. Because of this, an attacker can load any WeGIA page inside a malicious HTML document, overlay deceptive elements, hide real buttons, or force accidental interaction with sensitive workflows. This vulnerability is fixed in 3.6.2.

Severity Score

4.3

Related Resources (5)

Url: https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.2

Url: https://github.com/LabRedesCefetRJ/WeGIA/pull/1333

Url: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-99qp-hjvh-c59q

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-23731

Url: https://www.mend.io/vulnerability-database/CVE-2026-23731

Severity Score

4.3

Weakness Type (CWE)

Improper Restriction of Rendered UI Layers or Frames

CWE-1021

Top Fix

Upgrade Version

Upgrade to version https://github.com/LabRedesCefetRJ/WeGIA.git - 3.6.2

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2026-23731

Good to know:

Date: January 16, 2026

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?