CVE-2026-34026
HIGHPath traversal in Wertheim SafeController Software allows authenticated users to download arbitrary files
Title source: cnaDescription
Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation, allowing an authenticated attacker with any role or permission level to traverse out of the intended document directory and download arbitrary files accessible to the application. This includes, but is not limited to, application log files containing sensitive information and application binaries.
References (2)
Core 2
Core References
Product product
https://wertheim-safes.com/safe-deposit-box-management/
Third Party Advisory third-party-advisory
https://r.sec-consult.com/wertheim
Scores
CVSS v4
7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-23
Status
published
Products (1)
Wertheim GmbH/Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)
Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014
Published
Jun 15, 2026
Tracked Since
Jun 15, 2026