Description
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload if this value contains an allowed string such as pdf, jpeg, tiff, or png. An authenticated attacker with any role or permission level can spoof the Content-Type value and upload arbitrary file content.
Published: 2026-06-15
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Wertheim SafeController Software arises from insufficient server‑side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application accepts uploads based on the user‑controlled HTTP Content‑Type header, allowing any authenticated user to spoof the header and upload arbitrary files. The description implies that if an uploaded file is later interpreted or executed by the system, it could result in code execution or other damage; this potential impact is inferred from the description.

Affected Systems

The affected product is Wertheim GmbH’s SafeController Software for VAULT ROOMS (Safe Deposit Locker System), AssemblyVersion 6.15.8328.28014. No fixed‑version information is publicly disclosed; the vulnerability applies to all installations that expose the upload API without the vendor's corrective patch.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the EPSS score is not available. The vulnerability is not listed in CISA KEV. The exploit requires authentication but does not require privilege escalation; any authenticated user can upload arbitrary files. While the vulnerability itself is not immediately exploitable into remote code execution, the description indicates that uploading executable content could lead to execution once processed. The workaround mitigates some risk by restricting access and enforcing stricter validation, but the most secure remediation is to apply the vendor patch as soon as it is released.

Generated by OpenCVE AI on June 15, 2026 at 13:51 UTC.

Remediation

Vendor Solution

The vendor provides a patch which should be installed immediately. Specific fixed version information was not provided. Affected parties should contact the vendor to request the update.

Vendor Workaround

Restrict access to the SafeController web application and document upload functionality to authorized users and trusted network locations only. Enforce server-side validation of uploaded file extensions, MIME types, file signatures, and file content. Do not rely on client-supplied Content-Type headers for file validation. Store uploaded files outside of web-executable directories and ensure that uploaded content cannot be interpreted as server-side code. These measures should only be treated as interim risk reduction; the vendor-provided patch should be installed.

OpenCVE Recommended Actions

  • Contact Wertheim GmbH to obtain the vendor patch for SafeController Software and install it immediately.
  • Restrict access to the SafeController web application and its upload functionality to authorized users and trusted network segments only.
  • Enforce strict server‑side validation of file extensions, MIME types, file signatures, and actual content; do not rely on client‑supplied Content‑Type headers.
  • Store uploaded files outside any web‑executable directories and ensure that uploaded content cannot be interpreted as server‑side code.

Generated by OpenCVE AI on June 15, 2026 at 13:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 15 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 15 Jun 2026 12:00:00 +0000

Type Values Removed Values Added
Description The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload if this value contains an allowed string such as pdf, jpeg, tiff, or png. An authenticated attacker with any role or permission level can spoof the Content-Type value and upload arbitrary file content.
Title Upload restriction bypass in Wertheim SafeController Software allows authenticated users to upload arbitrary files
Weaknesses CWE-434
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: SEC-VLab

Published:

Updated: 2026-06-15T12:31:07.429Z

Reserved: 2026-03-25T10:46:45.516Z

Link: CVE-2026-34027

cve-icon Vulnrichment

Updated: 2026-06-15T12:31:02.987Z

cve-icon NVD

Status : Received

Published: 2026-06-15T12:16:25.203

Modified: 2026-06-15T12:16:25.203

Link: CVE-2026-34027

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-15T14:00:12Z

Weaknesses
  • CWE-434

    Unrestricted Upload of File with Dangerous Type