CVE-2026-34030
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and settings. An authenticated attacker with the settings_branches_manage privilege can include path traversal sequences in the branch code and influence the final filesystem location used by affected file operations. This can allow files to be stored in unintended locations, subject to service-account write permissions and branch-code length restrictions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Wertheim GmbH | Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) | Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014 | affected |
Weaknesses
- CWE-73: CWE-73 External control of file name or path
Workarounds
Restrict branch-management privileges to trusted administrative users only. Validate branch codes on the server side using a strict allowlist of safe characters and reject path separators, traversal sequences, control characters, and other special characters. Ensure that filesystem paths are canonicalized and checked against an expected base directory before file operations are performed. Review service-account filesystem permissions so that the application can only write to required storage locations. These measures should only be treated as interim risk reduction; the vendor-provided patch should be installed.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.