Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable web endpoints (AV:N), no special conditions (AC:L), requires a low-privilege authenticated session (PR:L), no user interaction (UI:N); cross-branch file read and write give C:H/I:H, no availability impact (A:N).
Primary rating from Vendor (SEC-VLab).
CVSS VectorVendor: SEC-VLab
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allows the attacker to perform restricted actions such as switching the user's branch, uploading arbitrary files, downloading arbitrary files, and viewing details of arbitrary branches.
AnalysisAI
Authorization bypass in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) enables low-privileged authenticated users to reach hidden web endpoints and perform restricted operations including branch switching, arbitrary file upload/download, and viewing details of arbitrary branches. The flaw stems from missing access control on endpoints that exist server-side but are not surfaced in the UI, breaking the product's tenancy/segregation between branches. No public exploit identified at time of analysis; CVSS 4.0 base score is 8.6 (high).
Technical ContextAI
Wertheim SafeController is the management software for Wertheim vault-room and safe-deposit-locker systems (CPE cpe:2.3:a:wertheim_gmbh:wertheim_safecontroller_software_for_vault_rooms_(safe_deposit_locker_system)). Authorization in the application appears to be enforced primarily by hiding controls in the frontend rather than re-checking permissions on the server, the classic CWE-862 (Missing Authorization) pattern. Because the affected endpoints accept HTTP requests directly from any authenticated session, the trust boundary between low-privilege users and administrator/branch-restricted functionality is effectively non-existent at the API layer, and branch isolation (the multi-tenant boundary that keeps one locker branch separate from another) collapses.
RemediationAI
No vendor-released patch identified at time of analysis; consult Wertheim directly and monitor the SEC-Consult advisory at https://r.sec-consult.com/wertheim for the coordinated disclosure and any fixed AssemblyVersion above 6.15.8328.28014. Until a fix is published, restrict reachability of the SafeController web application to a dedicated management VLAN and require VPN or jump-host access (this prevents casual abuse but does not stop a malicious low-privileged operator account), aggressively review and minimize the number of low-privilege user accounts that exist (every such account is a potential attacker under this CVE), enable verbose web-server access logging and alert on requests to administrative or branch-management URL paths originating from non-administrator sessions, and disable or remove any test/demo accounts. Avoid relying on frontend role hiding as a control - the affected endpoints are reachable directly regardless of UI state.
Authenticated path traversal in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) - software used to ma
Cross-branch authorization bypass in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) allows an authen
Path traversal in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) enables an authenticated user holdi
Unauthenticated file disclosure in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) exposes unprotecte
Hard-coded cryptographic key exposure in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) enables loca
Unrestricted file upload in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) allows any authenticated
IP restriction bypass in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) allows an attacker holding v
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36707
GHSA-69r2-vwm9-7qqc