PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-34026 Wertheim GmbH CVE debrief

CVE-2026-34026 is a path traversal vulnerability in Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014. The vulnerability exists in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. An authenticated attacker with any role or permission level can exploit this vulnerability to traverse out of the intended document directory and download arbitrary files accessible to the application. This includes, but is not limited to, application log files containing sensitive information and application binaries. The CVSS score for this vulnerability is 7.1, indicating a HIGH severity.

Vendor
Wertheim GmbH
Product
Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-15
Original CVE updated
2026-06-15
Advisory published
2026-06-15
Advisory updated
2026-06-15

Who should care

Users of Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, should be aware of this vulnerability and take steps to mitigate it.

Technical summary

The application constructs a file path using attacker-controlled input without sufficient validation, allowing an authenticated attacker to traverse out of the intended document directory and download arbitrary files accessible to the application.

Defensive priority

HIGH

Recommended defensive actions

  • Apply patches or updates to fix the vulnerability.
  • Restrict access to the /safe/selfservice/openselfservicedocument endpoint.
  • Monitor application log files for suspicious activity.

Evidence notes

The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information can be found at [ref-4] and [ref-5].

Official resources

CVE-2026-34026 was published on 2026-06-15T12:16:25.040Z and has not been modified since then.