CVE-2026-28409: CWE-78: Improper Neutralization of Special Elements used in an O CVE-2026-28409 is a critical OS command injection vulnerability (CWE-78) found in the WeGIA web management software, which is designed for charitable institutions. The vulnerability exists in the database restoration functionality prior to

WeGIA <3.6.5 hit by CRITICAL OS command injection (CVSS 10). RCE possible via backup restore + admin access (auth bypass possible). Upgrade to 3.6.5 now for protection! radar.offseq.com/threat/cve-2026-28409-cw... #OffSeq #vuln #CVE202628409