Path traversal in Wertheim SafeController Software allows authenticated users to...

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation, allowing an authenticated attacker with any role or permission level to traverse out of the intended document directory and download arbitrary files accessible to the application. This includes, but is not limited to, application log files containing sensitive information and application binaries.

Basic Information

ID CVE-2026-34026

Source SEC-VLab

Published Jun 15, 2026 at 10:04

Affected Product

Vendor Wertheim GmbH

Product Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)

Version Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014

Affected Versions Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014

CWE Classification

CWE-23

References

{
    "lastseen": "",
    "description": "Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation, allowing an authenticated attacker with any role or permission level to traverse out of the intended document directory and download arbitrary files accessible to the application. This includes, but is not limited to, application log files containing sensitive information and application binaries.",
    "published": "2026-06-15T10:04:13.043Z",
    "modified": "2026-06-15T10:04:13.043Z",
    "type": "cve",
    "title": "Path traversal in Wertheim SafeController Software allows authenticated users to download arbitrary files",
    "source": "SEC-VLab",
    "references": "https://wertheim-safes.com/safe-deposit-box-management/\nhttps://r.sec-consult.com/wertheim",
    "id": "CVE-2026-34026",
    "bulletinFamily": "",
    "cwe": [
        "CWE-23"
    ],
    "cvelist": null,
    "sourceData": "Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)",
    "version": "Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014",
    "vendor": "Wertheim GmbH",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Path traversal in Wertheim SafeController Software allows authenticated users to download arbitrary files_CVE-2026-34026