Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-34024
PUBLISHED
More InfoOfficial Page
Assigner-SEC-VLab
Assigner Org ID-551230f0-3615-47bd-b7cc-93e92e730bbf
View Known Exploited Vulnerability (KEV) details
Published At-15 Jun, 2026 | 10:03
Updated At-15 Jun, 2026 | 12:27
Rejected At-
▼CVE Numbering Authority (CNA)
Missing authorization checks in Wertheim SafeController Software allow low-privileged users to access restricted functions

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allows the attacker to perform restricted actions such as switching the user's branch, uploading arbitrary files, downloading arbitrary files, and viewing details of arbitrary branches.

Affected Products
Vendor
Wertheim GmbH
Product
Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)
Default Status
unknown
Versions
Affected
  • Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
4.08.6HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-1CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC ID: CAPEC-1
Description: CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
Solutions

The vendor provides a patch which should be installed immediately. Specific fixed version information was not provided. Affected parties should contact the vendor to request the update.

Configurations
Workarounds

Restrict access to the SafeController web application to authorized users and trusted network locations only. Review user accounts, roles, and branch assignments. Monitor requests to administrative and document-management endpoints for access by users that should not have the corresponding privileges. These measures should only be treated as interim risk reduction; the vendor-provided patch should be installed.

Exploits
Credits
finder
Christian Hager, SEC Consult Vulnerability Lab
finder
Gorazd Jank, SEC Consult Vulnerability Lab
finder
Philipp Espernberger, SEC Consult Vulnerability Lab
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wertheim-safes.com/safe-deposit-box-management/
product
https://r.sec-consult.com/wertheim
third-party-advisory
Hyperlink: https://wertheim-safes.com/safe-deposit-box-management/
Resource:
product
Hyperlink: https://r.sec-consult.com/wertheim
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found