CVE-2026-34026
Status: Received - Intake
Path Traversal in Wertheim SafeController Software

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: SEC Consult Vulnerability Lab

Description
Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation, allowing an authenticated attacker with any role or permission level to traverse out of the intended document directory and download arbitrary files accessible to the application. This includes, but is not limited to, application log files containing sensitive information and application binaries.
Meta Information
  • Published: 2026-06-15
  • Last Modified: 2026-06-15
  • Generated: 2026-06-15
  • AI Q&A: 2026-06-15
  • EPSS Evaluated: N/A
  • External references: NVD, EUVD
Affected Vendors & Products (1 associated CPE)
  • Vendor: wertheim
  • Product: safecontroller
  • Version / Range: 6.15.8328.28014
CWE
  • CWE-23: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
AI Quick Actions
Executive Summary

This vulnerability exists in Wertheim SafeController Software version 6.15.8328.28014. It is a path traversal flaw in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The software constructs file paths using input controlled by an attacker without properly validating it. As a result, an authenticated attacker with any role or permission level can manipulate the input to traverse outside the intended document directory and download arbitrary files that the application can access.

These files can include sensitive application log files and application binaries, which may contain confidential or critical information.

Impact Analysis

This vulnerability allows an attacker to read files on the server that the application itself can access but that the attacker should not be able to reach, exposing whatever confidential information those log files or application binaries contain.

Because the retrievable material includes application logs and binaries, the disclosed information can compromise the security and integrity of the system and support further attacks or data breaches.

Compliance Impact

The vulnerability lets an authenticated attacker download arbitrary files, including application log files that contain sensitive information. Exposure of such data can put an organisation out of compliance with data protection regulations such as GDPR and HIPAA, which require that personal and sensitive information be protected against unauthorized access.

Because the flaw grants unauthorized access to sensitive files, it undermines the confidentiality and integrity principles these standards mandate and can result in data breaches and regulatory penalties.

Mitigation Strategies

The vulnerability allows an authenticated attacker to perform path traversal through the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint.

The immediate mitigation is to apply any patch or update the vendor provides for this issue.

Until a fix is deployed, restrict access to the affected endpoint to trusted users only and monitor for unusual file access patterns, in particular documentName values containing ".." sequences (including percent-encoded forms) or absolute paths.

Detection Guidance

The vulnerability exists in the Wertheim SafeController Software version 6.15.8328.28014, specifically in the /safe/selfservice/openselfservicedocument endpoint where the documentName parameter is vulnerable to path traversal.

To detect this vulnerability on your system or network, you can attempt to access the endpoint with crafted requests that try to traverse directories by manipulating the documentName parameter.

  • Use curl or a similar HTTP client to send requests that attempt to access files outside the intended directory, for example:
        curl -v -u <username>:<password> "http://<target>/safe/selfservice/openselfservicedocument?documentName=../../../../etc/passwd"
  • Replace ../../../../etc/passwd with other sensitive file paths relevant to your environment to check whether arbitrary files can be downloaded.

Successful retrieval of files outside the intended document directory indicates the presence of the path traversal vulnerability.
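As an added example (not from the advisory, SEC Consult or the vendor), the following Python scans web-server access logs for requests to the affected endpoint whose documentName parameter escapes the document directory. It percent-decodes repeatedly and normalizes backslashes so double-encoded and Windows-style probes are caught as well; the log lines are constructed, and the log format is assumed to be common log format.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter named in the advisory for CVE-2026-34026.
ENDPOINT = "/safe/selfservice/openselfservicedocument"
PARAM = "documentName"

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - alice [15/Jun/2026:10:01:02 +0000] "GET /safe/selfservice/openselfservicedocument?documentName=manual.pdf HTTP/1.1" 200 48213
10.0.0.7 - bob [15/Jun/2026:10:02:10 +0000] "GET /safe/selfservice/openselfservicedocument?documentName=..%2F..%2F..%2Flogs%2Fapp.log HTTP/1.1" 200 91022
10.0.0.7 - bob [15/Jun/2026:10:02:30 +0000] "GET /safe/selfservice/openselfservicedocument?documentName=%252e%252e%5Cweb.config HTTP/1.1" 200 3100
10.0.0.9 - carol [15/Jun/2026:10:03:00 +0000] "GET /safe/index HTTP/1.1" 200 1200
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')


def fully_decode(value, max_rounds=3):
    """Percent-decode until the value stops changing (catches double encoding)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(document_name):
    """True if the decoded name contains a '..' segment or is an absolute path."""
    name = fully_decode(document_name).replace("\\", "/")
    segments = name.split("/")
    return (".." in segments or name.startswith("/")
            or re.match(r"^[A-Za-z]:", name) is not None)


def flag_traversal_requests(log_text):
    """Return (ip, user, status, decoded_name) for each request to the
    vulnerable endpoint whose documentName escapes the document directory."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != ENDPOINT:
            continue
        # parse_qs decodes once; is_traversal decodes any remaining layers.
        for raw in parse_qs(url.query).get(PARAM, []):
            if is_traversal(raw):
                hits.append((m.group("ip"), m.group("user"),
                             int(m.group("status")), fully_decode(raw)))
    return hits


if __name__ == "__main__":
    for hit in flag_traversal_requests(SAMPLE_LOG):
        print("possible CVE-2026-34026 probe:", hit)
```

A status of 200 on a flagged request means the server returned a body, which is the strongest signal that the traversal succeeded; a 4xx on the same request is still worth reviewing as probing activity.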
