CVE-2026-34030
Received - Intake
Path Traversal in Wertheim SafeController Software

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: SEC Consult Vulnerability Lab

Description
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and settings. An authenticated attacker with the settings_branches_manage privilege can include path traversal sequences in the branch code and influence the final filesystem location used by affected file operations. This can allow files to be stored in unintended locations, subject to service-account write permissions and branch-code length restrictions.
Affected Vendors & Products
Vendor: wertheim
Product: safecontroller
Version / Range: 6.15.8328.28014
CWE ID: CWE-73
Description: The product allows user input to control or influence paths or file names that are used in filesystem operations.
Executive Summary

The vulnerability exists in Wertheim SafeController Software version 6.15.8328.28014, where the software does not properly validate the branch code when a new branch is created.

An authenticated attacker with the settings_branches_manage privilege can insert path traversal sequences into the branch code.

Because the branch code is used in multiple application functions, including generating filesystem paths for uploaded files, profile pictures, and settings, this flaw allows the attacker to influence where files are stored on the filesystem.

This can lead to files being stored in unintended locations, depending on the service-account's write permissions and branch-code length restrictions.

Impact Analysis

This vulnerability can allow an attacker with certain privileges to manipulate file storage locations within the application.

By exploiting path traversal in the branch code, the attacker can cause files to be saved outside of intended directories.

This could lead to unauthorized file overwrites, data corruption, or storage of malicious files in sensitive locations, depending on the permissions of the service account.
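The class of fix for the flaw described above, shown as an added example in Python; it is not Wertheim's code and not taken from the advisory. The allowed branch-code alphabet and length, the directory layout, and all function and parameter names are assumptions made for illustration. It validates the branch code at creation time, re-checks it and the resolved path at use time, and audits branch codes that were stored before the check existed.

```python
import re
from pathlib import Path

# Assumption: branch codes are short alphanumeric identifiers. The product's
# real alphabet and length limit are not stated in the advisory.
BRANCH_CODE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,15}")

# Constructed sample of stored branch codes, used only to show the audit.
SAMPLE_CODES = ["HQ01", "north-2", "../../tmp", "..\\web", "a/b", ""]


def is_valid_branch_code(code) -> bool:
    """Allow-list check applied when a branch is created or renamed."""
    return isinstance(code, str) and BRANCH_CODE_RE.fullmatch(code) is not None


def branch_path(storage_root: Path, branch_code: str, kind: str, filename: str) -> Path:
    """Build <root>/<branch>/<kind>/<file>; refuse results outside <root>.

    `kind` is a server-chosen folder such as "uploads" (hypothetical name).
    The branch code is validated again here because codes saved before the
    creation-time check existed may still be in the database.
    """
    if not is_valid_branch_code(branch_code):
        raise ValueError(f"rejected branch code: {branch_code!r}")
    # Keep only the last component of the client-supplied file name.
    leaf = Path(filename.replace("\\", "/")).name
    if leaf in ("", ".", ".."):
        raise ValueError(f"rejected file name: {filename!r}")
    root = storage_root.resolve()
    target = (root / branch_code / kind / leaf).resolve()
    # Defense in depth: the resolved path must stay under the storage root.
    if not target.is_relative_to(root):  # Python 3.9+
        raise ValueError("resolved path escapes storage root")
    return target


def audit_branch_codes(codes):
    """Return stored branch codes that fail the allow-list, for review."""
    return [c for c in codes if not is_valid_branch_code(c)]
```

Running `audit_branch_codes` over the existing branch table identifies records that need review, since a malformed code saved earlier keeps influencing paths until it is corrected.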
