PatchSiren cyber security CVE debrief
CVE-2026-34024 Wertheim GmbH CVE debrief
CVE-2026-34024 is a high-severity vulnerability in Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014. The vulnerability allows an authenticated attacker with minimal privileges to access multiple web application endpoints that are not visible in the frontend. This access enables the attacker to perform restricted actions such as switching the user's branch, uploading arbitrary files, downloading arbitrary files, and viewing details of arbitrary branches. The vulnerability has a CVSS score of 8.6 and is classified as HIGH severity.
- Vendor: Wertheim GmbH
- Product: Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)
- CVSS: HIGH 8.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Security teams and administrators responsible for Wertheim SafeController Software should be aware of this vulnerability and take immediate action to mitigate the risk.
Technical summary
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Restrict access to sensitive endpoints and implement additional authorization checks.
- Monitor system logs for suspicious activity and implement incident response plans.
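The log-monitoring action above can be approximated by replaying web access logs against a server-side role policy and flagging every request that falls outside it. The following is an added example, not code from the vendor or the advisory: the log format, role names, and `/example/...` paths are constructed placeholders, because the page does not publish the affected endpoints.

```python
import re

# Hypothetical route table: placeholder paths, not the product's real endpoints.
ROUTES = [
    ("GET", re.compile(r"^/example/dashboard$"), "dashboard"),
    ("POST", re.compile(r"^/example/branch/switch$"), "switch_branch"),
    ("GET", re.compile(r"^/example/branch/\d+$"), "view_branch"),
    ("POST", re.compile(r"^/example/files/upload$"), "upload_file"),
    ("GET", re.compile(r"^/example/files/download$"), "download_file"),
]
# Assumed server-side policy; role names are hypothetical.
ROLE_ALLOWED = {
    "basic": {"dashboard"},
    "admin": {action for _, _, action in ROUTES},
}
LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) "
    r"(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)
# Constructed sample log lines (not taken from a real system).
SAMPLE = [
    "2026-06-15T09:00:01Z user=alice role=basic GET /example/dashboard 200",
    "2026-06-15T09:00:07Z user=alice role=basic POST /example/branch/switch 200",
    "2026-06-15T09:00:09Z user=alice role=basic GET /example/branch/7 403",
    "2026-06-15T09:01:00Z user=bob role=admin GET /example/files/download?name=a.pdf 200",
    "2026-06-15T09:01:30Z user=alice role=basic GET /example/internal/status 200",
]

def classify(method, path):
    """Map a request to an action name; routes not in the table are 'unmapped'."""
    path = path.split("?", 1)[0]  # ignore the query string when matching
    for route_method, pattern, action in ROUTES:
        if route_method == method and pattern.match(path):
            return action
    return "unmapped"

def find_violations(lines):
    """Return (user, action, outcome) for each request outside the role's policy."""
    findings = []
    for line in lines:
        rec = LINE.match(line.strip())
        if not rec:
            continue  # skip lines that do not fit the assumed format
        action = classify(rec["method"], rec["path"])
        if action in ROLE_ALLOWED.get(rec["role"], set()):
            continue
        # 2xx/3xx means the server performed the action: the check is missing.
        outcome = "served" if rec["status"][0] in "23" else "rejected"
        findings.append((rec["user"], action, outcome))
    return findings
```

A `served` finding is the pattern this CVE describes (a restricted action completed for a low-privilege session), while `rejected` shows the authorization check held. Unmapped routes are flagged for every role so that endpoints missing from the policy surface instead of passing silently.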
Evidence notes
The vulnerability was reported by SEC Consult, as indicated by the references [ref-4](https://r.sec-consult.com/wertheim) and [ref-5](https://wertheim-safes.com/safe-deposit-box-management/).
Official resources
- CVE-2026-34024 CVE record (CVE.org)
- CVE-2026-34024 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 551230f0-3615-47bd-b7cc-93e92e730bbf
CVE-2026-34024 was published on 2026-06-15T12:16:24.713Z and has not been modified since then.