PatchSiren

CVE-2026-34023 Wertheim GmbH CVE debrief

CVE-2026-34023 is an incorrect authorization vulnerability in the Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014. The vulnerability exists in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket messages by specifying controller identifiers belonging to other branches. This allows the attacker to access restricted functions and resources in other branches, including activating boxes outside of the user's authorized branch.

Vendor: Wertheim GmbH
Product: Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-15
Original CVE updated: 2026-06-15
Advisory published: 2026-06-15
Advisory updated: 2026-06-15

Who should care

Users of Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, should be aware of this vulnerability and take steps to mitigate it.

Technical summary

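CVE-2026-34023 is rated HIGH with a CVSS score of 7.1. The cause is incorrect authorization in the WebSocket communication used by the SafeController WebMessageBroker: an authenticated low-privileged branch user can send WebSocket messages that specify controller identifiers belonging to other branches, and thereby reach functions and resources of those branches, including activating boxes.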

Defensive priority

HIGH

Recommended defensive actions

  • Apply the necessary patches or updates to the Wertheim SafeController Software.
  • Restrict access to the SafeController WebMessageBroker to only authorized users.
  • Monitor for suspicious activity and implement additional security measures as needed.
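
The check that the description implies is missing, and the monitoring recommended above, can be sketched as follows. This is an added example, not vendor code: the JSON record layout, the field names (session, message, controllerId, action, box) and all identifiers are hypothetical, since the advisory does not publish the WebMessageBroker message format.

```python
import json

# Constructed data; every name and field below is hypothetical.
CONTROLLER_BRANCH = {"ctl-100": "branch-a", "ctl-200": "branch-b"}  # controller -> owning branch
SESSION_BRANCH = {"s1": "branch-a", "s2": "branch-b"}  # session -> branch fixed at login

def authorize(session_id, message):
    """Decide one broker message. The caller's branch is taken from the
    server-side session, never from anything the client sent."""
    branch = SESSION_BRANCH.get(session_id) if isinstance(session_id, str) else None
    if branch is None:
        return False, "unknown session"
    controller = message.get("controllerId") if isinstance(message, dict) else None
    if not isinstance(controller, str):
        return False, "missing controllerId"
    owner = CONTROLLER_BRANCH.get(controller)
    if owner is None:
        return False, "unknown controller"  # fail closed on ids not in inventory
    if owner != branch:
        return False, f"cross-branch: {controller} is {owner}, session is {branch}"
    return True, "ok"

def audit(log_lines):
    """Return (line_number, reason) for every record that would be denied."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        try:
            record = json.loads(line)
            session_id, message = record["session"], record["message"]
        except (ValueError, KeyError, TypeError):
            findings.append((number, "unparseable record"))
            continue
        allowed, reason = authorize(session_id, message)
        if not allowed:
            findings.append((number, reason))
    return findings

SAMPLE_LOG = [  # constructed broker records, one JSON object per line
    '{"session": "s1", "message": {"action": "activateBox", "controllerId": "ctl-100", "box": 12}}',
    '{"session": "s1", "message": {"action": "activateBox", "controllerId": "ctl-200", "box": 7}}',
    '{"session": "s2", "message": {"action": "status", "controllerId": "ctl-200"}}',
    '{"session": "s2", "message": {"action": "status"}}',
    'not json',
]

if __name__ == "__main__":
    for number, reason in audit(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```

The same authorize function serves as an inline gate in front of a message handler and as an offline audit over recorded traffic; in both cases unknown controllers and unparseable records are treated as findings rather than passed through.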

Evidence notes

The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information can be found at [ref-4] and [ref-5].

Official resources

CVE-2026-34023 was published on 2026-06-15T12:16:24.563Z and has not been modified since then.