CVE-2026-34028
Received Received - Intake
Unauthenticated File Access in Wertheim SafeController Software

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: SEC Consult Vulnerability Lab

Description
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files from locations such as /Resources/CompanyId_[ID]/Audio/ and /SafeData/.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-15
Last Modified
2026-06-15
Generated
2026-06-15
AI Q&A
2026-06-15
EPSS Evaluated
N/A
NVD
CVE-2026-34028
EUVD
EUVD-2026-36711
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wertheim safecontroller 6.15.8328.28014
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-425 The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in the Wertheim SafeController Software version 6.15.8328.28014 allows an unauthenticated attacker to access certain web-accessible file paths without any authorization. This means that anyone can directly reach HTTP endpoints and download files from specific directories such as /Resources/CompanyId_[ID]/Audio/ and /SafeData/ without needing to log in or have permissions.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of potentially sensitive files stored in the exposed directories. Since no authentication is required, attackers can freely download files, which might include confidential company data or other sensitive information. This can result in data breaches, loss of confidentiality, and potential misuse of the exposed data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34028. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart