CVE-2026-34026

CVE Database · CVE-2026-34026

CVE-2026-34026

· N/AReceived

CVSS v3.1

N/A

CVSS v4.0

7.1

EPSS

0.39%

Published

Jun 15, 2026

Modified

Jun 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation, allowing an authenticated attacker with any role or permission level to traverse out of the intended document directory and download arbitrary files accessible to the application. This includes, but is not limited to, application log files containing sensitive information and application binaries.

Weaknesses (CWE)

CWE-23

References (2)

https://r.sec-consult.com/wertheim

https://wertheim-safes.com/safe-deposit-box-management/

KEV Catalog EPSS Scores Vendors All CVEs