CVE-2026-34026— Path traversal in Wertheim SafeController Software allows authenticated users to download arbitrary files
Affected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Wertheim GmbH | Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) | Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-34026
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path traversal in Wertheim SafeController Software allows authenticated users to download arbitrary files
Source: NVD (National Vulnerability Database)
Vulnerability Description
Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation, allowing an authenticated attacker with any role or permission level to traverse out of the intended document directory and download arbitrary files accessible to the application. This includes, but is not limited to, application log files containing sensitive information and application binaries.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
相对路径遍历
Source: NVD (National Vulnerability Database)
Vulnerability Title
Wertheim SafeController Software for VAULT ROOMS 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Wertheim SafeController Software for VAULT ROOMS是Wertheim公司的一款金库安全保险柜系统的控制软件。 Wertheim SafeController Software for VAULT ROOMS 6.15.8328.28014版本存在路径遍历漏洞,该漏洞源于对/safe/selfservice/openselfservicedocument端点中documentName参数的路径处理不当,可能导致经过身份验证的攻击者越出预期文档目录并下载任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Wertheim GmbH | Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) | Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014 | - |
II. Public POCs for CVE-2026-34026
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-34026
请登录查看更多情报信息。
Vendor Pages for CVE-2026-34026 (1)
Same Patch Batch · Wertheim GmbH · 2026-06-15 · 10 CVEs total
| CVE-2026-34024 | Missing authorization checks in Wertheim SafeController Software allow low-privileged user | |
| CVE-2026-34028 | Unauthenticated direct access to web data in Wertheim SafeController Software exposes file | |
| CVE-2026-34022 | Weak custom cryptography and hard-coded keys in Wertheim SafeController 65000 allow traffi | |
| CVE-2026-34029 | Hard-coded cryptographic key in Wertheim SafeController Software allows decryption of sens | |
| CVE-2026-34025 | IP restriction bypass in Wertheim SafeController Software allows logins from unauthorized | |
| CVE-2026-34027 | Upload restriction bypass in Wertheim SafeController Software allows authenticated users t | |
| CVE-2026-34021 | Lack of cryptographic protection in Wertheim SafeController 5400 enables RS-485 message sn | |
| CVE-2026-34030 | Improper branch-code validation in Wertheim SafeController Software allows file path manip | |
| CVE-2026-34023 | Broken WebSocket authorization in Wertheim SafeController Software allows cross-branch acc |
IV. Related Vulnerabilities
- CVE-2026-34030
Improper branch-code validation in Wertheim SafeController S - CVE-2026-34029
Hard-coded cryptographic key in Wertheim SafeController Soft - CVE-2026-34028
Unauthenticated direct access to web data in Wertheim SafeCo - CVE-2026-34027
Upload restriction bypass in Wertheim SafeController Softwar - CVE-2026-34025
IP restriction bypass in Wertheim SafeController Software al
Same vendor: Wertheim GmbH
- CVE-2026-34030
Improper branch-code validation in Wertheim SafeController S - CVE-2026-34029
Hard-coded cryptographic key in Wertheim SafeController Soft - CVE-2026-34028
Unauthenticated direct access to web data in Wertheim SafeCo - CVE-2026-34027
Upload restriction bypass in Wertheim SafeController Softwar - CVE-2026-34025
IP restriction bypass in Wertheim SafeController Software al
V. Comments for CVE-2026-34026
No comments yet