Skip to main content
CVE-2026-34026 HIGH This Week

Authenticated path traversal in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) - software used to manage vault rooms and safe deposit locker systems - allows any logged-in user to read arbitrary files from the host via the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. Successful exploitation exposes application log files (which may contain credentials or session data) and application binaries, enabling secondary attacks against the safe deposit locker infrastructure. No public exploit identified at time of analysis, and the issue was disclosed by SEC Consult Vulnerability Lab (SEC-VLab).

Path Traversal Wertheim Safecontroller Software For Vault Rooms Safe Deposit Locker System
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2026-34023 HIGH This Week

Cross-branch authorization bypass in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) allows an authenticated low-privileged branch user to tamper with WebSocket messages handled by the SafeController WebMessageBroker and act on safe-deposit boxes belonging to other branches. The flaw stems from missing tenant/branch enforcement on supplied controller identifiers, enabling activation of vault boxes outside the user's authorized scope. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Authentication Bypass Wertheim Safecontroller Software For Vault Rooms Safe Deposit Locker System
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-34022 HIGH This Week

Cryptographic key disclosure in Wertheim SafeController Family 65000 (AssemblyVersion 6.11.8130.22319), a microcontroller-based safe deposit locker system, allows adjacent attackers to decrypt protected communications. The device uses a weak custom (proprietary) cryptographic algorithm with hard-coded keys, and researchers at SEC-VLab demonstrated both breaking the encryption routine and recovering the key by intercepting sufficient traffic. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Information Disclosure Wertheim Safecontroller Family 65000 Hardware For Vault Rooms Safe Deposit Locker System Microcontroller
NVD
CVSS 4.0
7.1
EPSS
0.1%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy