CVE-2026-34024
HIGHWertheim SafeController 6.15.8328.28014 - Authenticated Missing Authorization
Title source: manualDescription
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allows the attacker to perform restricted actions such as switching the user's branch, uploading arbitrary files, downloading arbitrary files, and viewing details of arbitrary branches.
References (2)
Core 2
Core References
Product product
https://wertheim-safes.com/safe-deposit-box-management/
Third Party Advisory third-party-advisory
https://r.sec-consult.com/wertheim
Scores
CVSS v4
8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-862
Status
published
Products (1)
Wertheim GmbH/Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)
Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014
Published
Jun 15, 2026
Tracked Since
Jun 15, 2026