CVE-2026-34026

Vulnerability Description

Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation, allowing an authenticated attacker with any role or permission level to traverse out of the intended document directory and download arbitrary files accessible to the application. This includes, but is not limited to, application log files containing sensitive information and application binaries.

Vulnerability Details

Published Date

June 15, 2026

Last Modified

June 15, 2026

CWE ID

CWE-23

Source

NVD

Vendor

Wertheim GmbH

Product

Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)

External References

https://r.sec-consult.com/wertheim
https://wertheim-safes.com/safe-deposit-box-management/

CVE-2026-34026

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment