CVE-2026-34027— Upload restriction bypass in Wertheim SafeController Software allows authenticated users to upload arbitrary files
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Wertheim GmbH | Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) | Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-34027
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Upload restriction bypass in Wertheim SafeController Software allows authenticated users to upload arbitrary files
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload if this value contains an allowed string such as pdf, jpeg, tiff, or png. An authenticated attacker with any role or permission level can spoof the Content-Type value and upload arbitrary file content.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
危险类型文件的不加限制上传
Source: NVD (National Vulnerability Database)
Vulnerability Title
Wertheim SafeController Software for VAULT ROOMS 任意文件上传漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Wertheim SafeController Software for VAULT ROOMS是Wertheim公司的一款金库安全保险柜系统的控制软件。 Wertheim SafeController Software for VAULT ROOMS 6.15.8328.28014版本存在任意文件上传漏洞,该漏洞源于/safe/contract/uploadcustomdocuments端点对服务器端文件类型验证不足,攻击者可通过伪造Content-Type值上传任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Wertheim GmbH | Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) | Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014 | - |
II. Public POCs for CVE-2026-34027
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-34027
请登录查看更多情报信息。
Vendor Pages for CVE-2026-34027 (1)
Same Patch Batch · Wertheim GmbH · 2026-06-15 · 10 CVEs total
| CVE-2026-34024 | Missing authorization checks in Wertheim SafeController Software allow low-privileged user | |
| CVE-2026-34028 | Unauthenticated direct access to web data in Wertheim SafeController Software exposes file | |
| CVE-2026-34022 | Weak custom cryptography and hard-coded keys in Wertheim SafeController 65000 allow traffi | |
| CVE-2026-34029 | Hard-coded cryptographic key in Wertheim SafeController Software allows decryption of sens | |
| CVE-2026-34025 | IP restriction bypass in Wertheim SafeController Software allows logins from unauthorized | |
| CVE-2026-34026 | Path traversal in Wertheim SafeController Software allows authenticated users to download | |
| CVE-2026-34021 | Lack of cryptographic protection in Wertheim SafeController 5400 enables RS-485 message sn | |
| CVE-2026-34030 | Improper branch-code validation in Wertheim SafeController Software allows file path manip | |
| CVE-2026-34023 | Broken WebSocket authorization in Wertheim SafeController Software allows cross-branch acc |
IV. Related Vulnerabilities
- CVE-2026-34030
Improper branch-code validation in Wertheim SafeController S - CVE-2026-34029
Hard-coded cryptographic key in Wertheim SafeController Soft - CVE-2026-34028
Unauthenticated direct access to web data in Wertheim SafeCo - CVE-2026-34026
Path traversal in Wertheim SafeController Software allows au - CVE-2026-34025
IP restriction bypass in Wertheim SafeController Software al
Same vendor: Wertheim GmbH
- CVE-2026-34030
Improper branch-code validation in Wertheim SafeController S - CVE-2026-34029
Hard-coded cryptographic key in Wertheim SafeController Soft - CVE-2026-34028
Unauthenticated direct access to web data in Wertheim SafeCo - CVE-2026-34026
Path traversal in Wertheim SafeController Software allows au - CVE-2026-34025
IP restriction bypass in Wertheim SafeController Software al
Same weakness: CWE-434
- CVE-2019-25758
Joomla! Component vBizz 1.0.7 Remote Code Execution - CVE-2026-9860
Offload, AI & Optimize with Cloudflare Images <= 1.10.2 - Au - CVE-2026-52705
WordPress SigmaForms Pro – AI Generated Forms plugin <= 1.4. - CVE-2026-40749
WordPress Charity Zone theme <= 1.1.1 - Arbitrary File Uploa - CVE-2026-40748
WordPress Kids Gift Shop theme <= 0.5.4 - Arbitrary File Upl
V. Comments for CVE-2026-34027
No comments yet