HarborGuard Database
CVE-2026-34026 | Severity: HIGH | CNA: SEC-VLab

CVE-2026-34026: Path traversal in Wertheim SafeController Software allows authenticated users to download arbitrary files

Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation, allowing an authenticated attacker with any role or permission level to traverse out of the intended document directory and download arbitrary files accessible to the application. This includes, but is not limited to, application log files containing sensitive information and application binaries.

Metrics

CVSS v4.0: 7.1
Severity: HIGH
Fixed in: no fix version published
Affected Products: 1


HarborGuard Analysis

Synopsis

A path traversal vulnerability in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) allows any authenticated user, regardless of role, to download arbitrary files from the host by manipulating the documentName parameter in the /safe/selfservice/openselfservicedocument endpoint. The application builds a file path from attacker-controlled input without adequate validation, so an attacker who holds even the lowest-privilege account can walk outside the intended document directory and retrieve any file the application process can read. No fix version has been published; HarborGuard tracks this advisory and will surface a patched-image rebuild as soon as an upstream fix is released.

HarborGuard Coverage

Detection: Available

Detection for CVE-2026-34026 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images that package Wertheim SafeController Software.
Triage: Available

HarborGuard scores this CVE at CVSS v4.0 7.1 (HIGH) and surfaces it with per-environment compliance policy weighting applied, so teams with stricter data-handling requirements can have it routed at higher urgency. Findings are directed to the appropriate owner inbox within each customer organization based on configured routing rules.
Patch: Pending upstream

Because no fix version has been published, HarborGuard re-evaluates this advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. In the interim, customers can apply compensating controls through HarborGuard's policy engine, such as network-policy isolation of the affected service and egress filtering to limit what an exploiting user can exfiltrate.

Exploit Conditions

  • Network reachability: Required

    The vulnerable endpoint is exposed over the network, so an attacker must be able to reach the service via HTTP/HTTPS to send a crafted request.

  • Authentication: Required

    Any low-privilege account is sufficient; the vulnerability is not restricted to administrative or elevated roles.

  • Victim interaction: Not required

    No victim action is needed; the attacker sends the malicious request directly without requiring another user to interact.

  • Attack complexity: Low

    The exploit is reliable and condition-free, requiring no race conditions or specific environmental setup beyond network access and valid credentials.

Blast Radius

  • Reads arbitrary files accessible to the application process, including configuration files that may contain database credentials, API keys, or internal hostnames.
  • Retrieves application log files that can contain session tokens, usernames, and audit trail data for the safe-deposit locker system.
  • Downloads application binaries, enabling an attacker to reverse-engineer proprietary logic or identify further vulnerabilities offline.
  • Exposes any operating-system-level files readable by the application account, such as /etc/passwd or service account key files stored on the host.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-34026 is active across all connected environments with no configuration needed. Because no vendor patch exists as of the CVE publication date, HarborGuard monitors the Wertheim advisory feed on every ingest cycle and will automatically trigger a patched-image rebuild and, for customers with auto-remediation enabled, open a PR against affected workloads the moment an upstream fix is published. While awaiting a fix, customers can use HarborGuard's policy engine to flag images containing AssemblyVersion 6.15.8328.28014 as non-compliant and block them from production promotion. Compensating controls worth considering include placing the SafeController service behind a network policy that restricts inbound access to known client IP ranges, enabling egress filtering to prevent outbound data transfer from the service host, and reviewing access logs for anomalous requests to the /safe/selfservice/openselfservicedocument endpoint.
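One way to act on the access-log review suggested above, as an added example that is neither HarborGuard's nor Wertheim's code: it scans web-server access lines for requests to the advisory's endpoint whose decoded documentName contains a parent-directory segment, a rooted path or a drive letter, peeling single and double percent-encoding first. The combined-style log format and every sample line are constructed here, and the example assumes the front-end web server or proxy logs the query string.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/safe/selfservice/openselfservicedocument"  # endpoint named in the advisory
PARAM = "documentName"
# combined-log style line (assumed format): ip ident user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+)')

def fully_decode(value, rounds=3):
    """Peel up to `rounds` layers of percent-encoding so %2e%2e and %252e%252e
    are both judged in decoded form."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(doc_name):
    """True if the decoded documentName could leave a single document directory:
    a '..' segment on either separator, a rooted path, or a Windows drive letter."""
    d = fully_decode(doc_name).replace("\\", "/")
    return (".." in d.split("/") or d.startswith("/")
            or re.match(r"^[A-Za-z]:", d) is not None)

def scan_log(lines):
    """Return (user, ip, status, decoded documentName) for each request to the
    vulnerable endpoint whose documentName looks like traversal."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a production tool would count these
        url = urlsplit(m.group("target"))
        if url.path.lower() != ENDPOINT:
            continue
        for doc in parse_qs(url.query).get(PARAM, []):  # parse_qs decodes one layer
            if is_traversal(doc):
                hits.append((m.group("user"), m.group("ip"),
                             int(m.group("status")), fully_decode(doc)))
    return hits

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '10.0.0.5 - jdoe [01/Jan/2026:10:00:00 +0000] "GET /safe/selfservice/openselfservicedocument?documentName=terms.pdf HTTP/1.1" 200 5120',
    '10.0.0.9 - tenant7 [01/Jan/2026:10:00:03 +0000] "GET /safe/selfservice/openselfservicedocument?documentName=..%2F..%2Flogs%2Fapp.log HTTP/1.1" 200 88321',
    '10.0.0.9 - tenant7 [01/Jan/2026:10:00:04 +0000] "GET /safe/selfservice/openselfservicedocument?documentName=%252e%252e%5Cweb.config HTTP/1.1" 200 1201',
    '10.0.0.12 - guest [01/Jan/2026:10:00:09 +0000] "GET /safe/other?documentName=../x HTTP/1.1" 404 0',
]
```

A 200 status on a flagged request is the signal to treat as a likely successful read, which is why the status is carried through in each hit.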

Affected packages
  • Wertheim GmbH / Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)
    Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N