{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-34026/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-15T12:29:20.230Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-34026","@id":"https://www.cve.org/CVERecord?id=CVE-2026-34026","description":"Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation, allowing an authenticated attacker with any role or permission level to traverse out of the intended document directory and download arbitrary files accessible to the application. This includes, but is "},"products":[{"@id":"cpe:2.3:a:wertheim_gmbh:wertheim_safecontroller_software_for_vault_rooms_\\(safe_deposit_locker_system\\):wertheim_safecontroller_software\\,_assemblyversion_6.15.8328.28014:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:wertheim_gmbh:wertheim_safecontroller_software_for_vault_rooms_\\(safe_deposit_locker_system\\):wertheim_safecontroller_software\\,_assemblyversion_6.15.8328.28014:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; monitor the upstream advisory.","timestamp":"2026-06-15T12:29:20.230Z"}]}