{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-34026: Path traversal in Wertheim SafeController Software allows authenticated users to download arbitrary files","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-34026","status":"final","version":"1","initial_release_date":"2026-06-15T10:04:13.043Z","current_release_date":"2026-06-15T12:29:20.230Z","revision_history":[{"date":"2026-06-15T10:04:13.043Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation, allowing an authenticated attacker with any role or permission level to traverse out of the intended document directory and download arbitrary files accessible to the application. This includes, but is not limited to, application log files containing sensitive information and application binaries.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-34026 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-34026"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-34026"},{"category":"external","summary":"wertheim-safes.com","url":"https://wertheim-safes.com/safe-deposit-box-management/"},{"category":"external","summary":"r.sec-consult.com","url":"https://r.sec-consult.com/wertheim"}]},"product_tree":{"branches":[{"category":"vendor","name":"Wertheim GmbH","branches":[{"category":"product_name","name":"Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)","branches":[{"category":"product_version","name":"Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014","product":{"name":"Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:wertheim_gmbh:wertheim_safecontroller_software_for_vault_rooms_\\(safe_deposit_locker_system\\):wertheim_safecontroller_software\\,_assemblyversion_6.15.8328.28014:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-34026","title":"Path traversal in Wertheim SafeController Software allows authenticated users to download arbitrary files","notes":[{"category":"description","text":"Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation, allowing an authenticated attacker with any role or permission level to traverse out of the intended document directory and download arbitrary files accessible to the application. This includes, but is not limited to, application log files containing sensitive information and application binaries.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1"]},"scores":[{"cvss_v4":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","baseScore":7.1,"baseSeverity":"HIGH"},"products":["CSAFPID-1"]}],"remediations":[{"category":"none_available","details":"No fixed version is published yet. Monitor the upstream advisory.","product_ids":["CSAFPID-1"]}]}]}