Description
Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation, allowing an authenticated attacker with any role or permission level to traverse out of the intended document directory and download arbitrary files accessible to the application. This includes, but is not limited to, application log files containing sensitive information and application binaries.
Published: 2026-06-15
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Wertheim SafeController Software version 6.15.8328.28014 contains a path traversal flaw in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application concatenates the supplied value into a file path without proper validation, allowing an authenticated user to specify relative or absolute paths that escape the intended document directory. This permits download of any file readable by the web-application process, including sensitive logs and executable binaries, thereby exposing confidential information and potentially enabling further attacks.

Affected Systems

The vulnerable product is Wertheim SafeController Software used in Wertheim Vault Rooms for safe deposit lockers. Affected versions include AssemblyVersion 6.15.8328.28014; any deployment of this version without the vendor-released patch is susceptible. The flaw exists specifically in the /safe/selfservice/openselfservicedocument endpoint exposed by the web interface of the SafeController application.

Risk and Exploitability

With a CVSS score of 7.1 the vulnerability is considered high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. An attacker needs valid authentication to reach the vulnerable endpoint. Based on the description, the most likely attack vector is an authenticated user within the system, such as a staff member or a compromised account, who can supply crafted documentName values to retrieve arbitrary files. Once the files are downloaded, the attacker could exfiltrate sensitive data or use binaries to expand their foothold.

Generated by OpenCVE AI on June 15, 2026 at 13:23 UTC.

Remediation

Vendor Solution

The vendor provides a patch which should be installed immediately. Specific fixed version information was not provided. Affected parties should contact the vendor to request the update.


Vendor Workaround

Restrict access to the SafeController web application to authorized users and trusted network locations only. Review access to document download endpoints and monitor requests containing path traversal sequences, absolute paths, encoded traversal patterns, or unexpected filesystem paths. Ensure that sensitive log files and application binaries are not readable by the web application account unless strictly required. These measures should only be treated as interim risk reduction; the vendor-provided patch should be installed.


OpenCVE Recommended Actions

  • Apply the vendor-provided patch to the affected SafeController installation immediately.
  • Constrain access to the SafeController web application by limiting it to trusted internal networks and enforcing strict role-based access controls.
  • Review and restrict the document download endpoints, blocking requests that contain path-traversal sequences, absolute paths, or encoded traversal patterns, and monitor traffic for such anomalies.
  • Ensure that application log files and binaries are not readable by the web-application account unless explicitly required.
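The vendor workaround and the recommended actions above come down to two controls a defender can actually implement: on the server, bind the documentName value to the document directory so that no supplied name can resolve outside it; on the network, watch requests to the download endpoint for traversal sequences, absolute paths and encoded traversal patterns. The following Python is an added example written for this page, not code from Wertheim or OpenCVE. It assumes a POSIX-style document root, an Apache-style access log format and constructed sample requests; the endpoint path and parameter name are the ones stated in the record.

```python
"""Added example (not Wertheim's or OpenCVE's code): two defender-side checks for
the CWE-23 path traversal class described in this record.

safe_document_path()      binds a caller-supplied document name to a fixed base
                          directory by canonical containment, not a blocklist.
find_traversal_requests() scans access-log lines for requests to the affected
                          endpoint whose documentName looks like traversal.
"""
import re
from pathlib import Path, PurePosixPath, PureWindowsPath
from typing import List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/safe/selfservice/openselfservicedocument"   # from the CVE record
PARAM = "documentName"                                     # from the CVE record
DOCUMENT_ROOT = "/srv/safecontroller/documents"            # constructed, assumed layout


def safe_document_path(base_dir: str, document_name: str) -> Path:
    """Return the file inside base_dir named by document_name, or raise ValueError.

    Percent-decodes once, refuses absolute paths (POSIX and Windows forms), then
    resolves the joined path and checks it is strictly inside the resolved base.
    resolve() collapses '..' and follows symlinks, so containment is the real
    test; 'reports/../x.pdf' is accepted because it still lands inside base_dir.
    """
    name = unquote(document_name)
    if not name or "\x00" in name:
        raise ValueError("empty or NUL-containing document name")
    if PurePosixPath(name).is_absolute() or PureWindowsPath(name).is_absolute():
        raise ValueError("absolute paths are not allowed")
    base = Path(base_dir).resolve()
    candidate = (base / name).resolve()
    if candidate == base or base not in candidate.parents:
        raise ValueError(f"document name escapes base directory: {document_name!r}")
    return candidate


def is_safe_document_name(base_dir: str, document_name: str) -> bool:
    """Boolean wrapper around safe_document_path() for policy checks and tests."""
    try:
        safe_document_path(base_dir, document_name)
        return True
    except ValueError:
        return False


# Apache/nginx combined-style access log line (constructed format for this example).
LOG_LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
DOTDOT_RE = re.compile(r"(?:^|[/\\])\.\.(?:[/\\]|$)")        # a '..' path segment
ABSOLUTE_RE = re.compile(r"^(?:[/\\]|[A-Za-z]:[/\\]|\\\\)")   # /x, \x, C:\x, \\unc


def classify_document_name(value: str) -> Optional[str]:
    """Reason the value looks like traversal, or None. 'value' is the query value
    after the one decode parse_qs performs; decoding again exposes double encoding."""
    decoded = unquote(value)
    layered = decoded != value
    if "\x00" in decoded:
        reason = "nul byte"
    elif ABSOLUTE_RE.search(decoded):
        reason = "absolute path"
    elif DOTDOT_RE.search(decoded):
        reason = "traversal sequence"
    else:
        return None
    return reason + (" (double-encoded)" if layered else "")


def find_traversal_requests(log_lines: List[str]) -> List[dict]:
    """Return one finding per documentName value on ENDPOINT that classifies as traversal."""
    hits = []
    for line in log_lines:
        m = LOG_LINE_RE.match(line)
        if not m:
            continue                                   # unparseable line: skip, not fail
        url = urlsplit(m.group("target"))
        if url.path.lower() != ENDPOINT:
            continue                                   # only the affected endpoint is in scope
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            reason = classify_document_name(value)
            if reason:
                hits.append({"client": m.group("client"), "user": m.group("user"),
                             "documentName": value, "reason": reason,
                             "status": int(m.group("status"))})
    return hits


# Constructed sample log: one normal download, three suspicious ones, one out-of-scope line.
SAMPLE_LOG = [
    '10.0.0.5 - alice [15/Jun/2026:13:02:11 +0000] "GET /safe/selfservice/openselfservicedocument?documentName=statement-2026-06.pdf HTTP/1.1" 200 18213',
    '10.0.0.9 - bob [15/Jun/2026:13:04:52 +0000] "GET /safe/selfservice/openselfservicedocument?documentName=..%2F..%2Flogs%2Fapp.log HTTP/1.1" 200 52110',
    '10.0.0.9 - bob [15/Jun/2026:13:05:03 +0000] "GET /safe/selfservice/openselfservicedocument?documentName=%252e%252e%252f%252e%252e%252flogs%252fapp.log HTTP/1.1" 200 52110',
    '10.0.0.12 - carol [15/Jun/2026:13:07:40 +0000] "GET /safe/selfservice/openselfservicedocument?documentName=%2Fvar%2Flog%2Fapp.log HTTP/1.1" 403 0',
    '10.0.0.5 - alice [15/Jun/2026:13:09:15 +0000] "GET /safe/static/css/../app.css HTTP/1.1" 200 3301',
]

if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(f"{hit['user']}@{hit['client']} -> {hit['reason']}: {hit['documentName']} (HTTP {hit['status']})")
```

A 200 status on a flagged request is the case to escalate: it means the file was served, so the host's log and binary permissions (the last recommended action) are the remaining line of defence. The server-side check deliberately uses containment after canonicalisation rather than rejecting strings that contain "..": blocklists miss encodings and symlinks, whereas resolving and comparing against the base directory catches every route out of it.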

Generated by OpenCVE AI on June 15, 2026 at 13:23 UTC.


Advisories

No advisories yet.

History

Mon, 15 Jun 2026 13:30:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 12:00:00 +0000

Type        | Values Removed | Values Added
Description |                | Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation, allowing an authenticated attacker with any role or permission level to traverse out of the intended document directory and download arbitrary files accessible to the application. This includes, but is not limited to, application log files containing sensitive information and application binaries.
Title       |                | Path traversal in Wertheim SafeController Software allows authenticated users to download arbitrary files
Weaknesses  |                | CWE-23
References  |                |
Metrics     |                | cvssV4_0 {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: SEC-VLab

Published:

Updated: 2026-06-15T12:29:20.230Z

Reserved: 2026-03-25T10:46:45.516Z

Link: CVE-2026-34026

Vulnrichment

Updated: 2026-06-15T12:29:15.847Z

NVD

Status : Received

Published: 2026-06-15T12:16:25.040

Modified: 2026-06-15T12:16:25.040

Link: CVE-2026-34026

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-15T13:30:05Z

Weaknesses
  • CWE-23: Relative Path Traversal