PatchSiren cyber security CVE debrief
CVE-2026-34027 Wertheim GmbH CVE debrief
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a vulnerability in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload if this value contains an allowed string such as pdf, jpeg, tiff, or png. An authenticated attacker with any role or permission level can spoof the Content-Type value and upload arbitrary file content.
- Vendor
- Wertheim GmbH
- Product
- Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
MEDIUM
Recommended defensive actions
- Update to a patched version of Wertheim SafeController Software, if available.
- Implement proper server-side file type validation.
- Restrict file uploads to only allow specific file types.
Evidence notes
The vendor and product information is not confirmed, but there is a reference to Sec Consult.
Official resources
-
CVE-2026-34027 CVE record
CVE.org
-
CVE-2026-34027 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
551230f0-3615-47bd-b7cc-93e92e730bbf
-
Source reference
551230f0-3615-47bd-b7cc-93e92e730bbf
CVE-2026-34027 was published on 2026-06-15T12:16:25.203Z and has not been modified since then.