LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-28408

CVE-2026-28408 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 2, 2026

WeGIA - Broken Access Control

Published: February 27, 2026Updated: March 2, 2026Remote Exploitable

Overview

WeGIA < 3.6.5 contains a broken access control caused by lack of authentication and permission checks in adicionar_tipo_docs_atendido.php, letting malicious users inject unauthorized data, exploit requires no special privileges.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 5.0%(Probability of exploitation in next 30 days)

Impact

Attackers can inject large amounts of unauthorized data, potentially corrupting or disrupting application data integrity.

Mitigation

Upgrade to version 3.6.5 or later.

References

Social Media Activity(2 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Feb 28, 2026

šŸ”“ CVE-2026-28408 - Critical (9.8) WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionar_tipo_docs_atendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malic... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-28408/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
Offensive Sequence
Offensive Sequence
@offseq
Feb 28, 2026

šŸ”“ CRITICAL: CVE-2026-28408 in WeGIA (<3.6.5) lets unauthenticated attackers inject massive unauthorized data via adicionar_tipo_docs_atendido.php. Upgrade to 3.6.5 ASAP. Monitor & restrict access now. https://radar.offseq.com/threat/cve-2026-28408-cwe-862-missing-authorization-in-la-ddacfcff #OffSeq #Vulnerability #WeGIA #CVE202628408

View original post

Related Resources

Details

CVE ID
CVE-2026-28408
Severity
Critical
CVSS Score
9.8
Type
broken_access_control
Status
unconfirmed
EPSS
5.0%
Social Posts
2

CWE

  • CWE-287

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

5.0%Probability of exploitation in the next 30 days