CVE-2026-34027
Status: Deferred - Pending Action

Insufficient File Validation in Wertheim SafeController

Vulnerability report for CVE-2026-34027, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: SEC Consult Vulnerability Lab

Description

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload if this value contains an allowed string such as pdf, jpeg, tiff, or png. An authenticated attacker with any role or permission level can spoof the Content-Type value and upload arbitrary file content.

Meta Information

Published: 2026-06-15
Last Modified: 2026-06-15
Generated: 2026-07-05
AI Q&A: 2026-06-15
EPSS Evaluated: 2026-07-04

Affected Vendors & Products

One associated CPE:
Vendor: wertheim
Product: safecontroller
Version / Range: 6.15.8328.28014

Exploitability

CWE-434: The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Compliance Impact

The provided information does not specify how the vulnerability in Wertheim SafeController Software impacts compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

The vulnerability allows an authenticated attacker to upload arbitrary files by spoofing the Content-Type header in the /safe/contract/uploadcustomdocuments endpoint.

Immediate mitigation steps include applying any available patches from the vendor to fix the insufficient server-side file type validation.

Additionally, restrict access to the upload endpoint to only trusted users and monitor uploads for suspicious file types or content.

Detection Guidance

This vulnerability involves insufficient server-side validation of the Content-Type header in file uploads to the /safe/contract/uploadcustomdocuments endpoint of the Wertheim SafeController Software. Detection can focus on monitoring HTTP requests to this endpoint for suspicious or spoofed Content-Type headers that do not match the actual file content.

To detect potential exploitation attempts, you can inspect web server logs or capture network traffic for POST requests to /safe/contract/uploadcustomdocuments where the Content-Type header contains allowed strings such as pdf, jpeg, tiff, or png, but the file content does not match these types.

Example commands to detect such activity might include:

  • Capturing HTTP POST requests to the vulnerable endpoint with tcpdump or tshark:
    tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/safe/contract/uploadcustomdocuments'
  • Searching web server access logs for requests to the endpoint and their Content-Type header:
    grep 'POST /safe/contract/uploadcustomdocuments' /var/log/apache2/access.log | grep -i 'Content-Type: '
    The default Apache combined log format does not record the request Content-Type header, so this only works if a custom LogFormat captures it (for example with %{Content-Type}i) or a reverse proxy in front of the application logs it.
  • Verifying with a script or tool that the declared Content-Type matches the actual file content (e.g., running the 'file' command on saved uploads).

Note that detection requires authenticated access logs or network captures since the vulnerability requires authentication.
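As an added example (not the vendor's code or the advisory's), the flawed substring check described above is shown beside a hardened check that verifies the declared MIME type against the upload's leading magic bytes. The MIME-type mapping, the helper names and the sample uploads are constructed for illustration.

```python
"""Content-Type vs. file-content check for CWE-434 style uploads (added example)."""
from typing import Optional

# Allowed strings exactly as the advisory describes the flawed check.
ALLOWED_SUBSTRINGS = ("pdf", "jpeg", "tiff", "png")

# Leading bytes (magic numbers) of the file types the endpoint is meant to accept.
MAGIC = {
    "pdf":  [b"%PDF-"],
    "jpeg": [b"\xff\xd8\xff"],
    "png":  [b"\x89PNG\r\n\x1a\n"],
    "tiff": [b"II*\x00", b"MM\x00*"],   # little- and big-endian TIFF
}

# Assumed mapping from declared MIME type to the type we expect to sniff.
DECLARED_TO_TYPE = {
    "application/pdf": "pdf",
    "image/jpeg": "jpeg",
    "image/png": "png",
    "image/tiff": "tiff",
}


def weak_accepts(content_type: str, data: bytes) -> bool:
    """Mirrors the flawed logic: accept when the client-supplied Content-Type merely
    contains an allowed string. The payload itself is never inspected."""
    ct = content_type.lower()
    return any(s in ct for s in ALLOWED_SUBSTRINGS)


def sniff_type(data: bytes) -> Optional[str]:
    """Return the allowed type whose magic bytes open the payload, or None."""
    for name, signatures in MAGIC.items():
        if any(data.startswith(sig) for sig in signatures):
            return name
    return None


def strict_accepts(content_type: str, data: bytes) -> bool:
    """Hardened check: the declared type must be on the allow-list (parameters such as
    charset stripped) and the payload's magic bytes must identify that same type."""
    declared = content_type.split(";")[0].strip().lower()
    expected = DECLARED_TO_TYPE.get(declared)
    if expected is None:
        return False
    return sniff_type(data) == expected


# Constructed sample uploads: (declared Content-Type, first bytes of the body).
SAMPLES = [
    ("image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ("application/pdf", b"%PDF-1.7\n%constructed sample\n"),
    ("application/pdf", b"<html>not a pdf at all</html>"),   # spoofed header
    ("image/jpeg", b"%PDF-1.7\n"),                          # real type, wrong declaration
]


def evaluate(samples=SAMPLES):
    """Return (content_type, weak_result, strict_result) for each sample."""
    return [(ct, weak_accepts(ct, d), strict_accepts(ct, d)) for ct, d in samples]
```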

Executive Summary

The vulnerability exists in the Wertheim SafeController Software, version 6.15.8328.28014, specifically in the /safe/contract/uploadcustomdocuments endpoint. The software performs insufficient server-side validation of uploaded file types by relying on the user-controlled HTTP Content-Type header. It accepts files if the Content-Type contains allowed strings like pdf, jpeg, tiff, or png. However, an authenticated attacker with any role or permission level can spoof this Content-Type value and upload arbitrary file content, bypassing proper validation.

Impact Analysis

This vulnerability allows an authenticated attacker to upload arbitrary files by spoofing the Content-Type header. This could lead to unauthorized file uploads that may contain malicious content, potentially resulting in further exploitation such as code execution, data compromise, or disruption of service depending on how the uploaded files are handled by the application.
