PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-34028 Wertheim GmbH CVE debrief

CVE-2026-34028 is a medium-severity vulnerability in Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014. The vulnerability exposes web-accessible file paths that are not protected by an authorization scheme, allowing an unauthenticated attacker to directly access HTTP endpoints to download files from locations such as /Resources/CompanyId_[ID]/Audio/ and /SafeData/. The CVSS score for this vulnerability is 6.9, indicating a medium severity.

Vendor
Wertheim GmbH
Product
Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)
CVSS
MEDIUM 6.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-15
Original CVE updated
2026-06-15
Advisory published
2026-06-15
Advisory updated
2026-06-15

Who should care

Users of Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, should be aware of this vulnerability and take steps to mitigate it.

Technical summary

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files from locations such as /Resources/CompanyId_[ID]/Audio/ and /SafeData/.

Defensive priority

medium

Recommended defensive actions

  • Apply patches or updates to fix the vulnerability.
  • Implement proper authorization and access controls for web-accessible file paths.
  • Monitor for suspicious activity and implement additional security measures as needed.

Evidence notes

The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information can be found at [ref-4] and [ref-5].

Official resources

CVE-2026-34028 was published on 2026-06-15T12:16:25.367Z and has not been modified since then.