Security Flaw in Wertheim SafeController Software Exposing Sensitive Endpoints
CVE-2026-34024

8.6 HIGH

What is CVE-2026-34024?

The Wertheim SafeController Software is missing authorization checks on several web application endpoints. Authenticated attackers with minimal privileges can access backend endpoints that should not be publicly visible. Through these endpoints they can execute restricted operations: switching user branches, uploading arbitrary files, downloading sensitive information, and viewing details pertaining to different branches. The resulting security risk is significant and calls for immediate remediation and enhanced security measures.

Affected Version(s)

Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System): Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014

CVSS V4

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Christian Hager, SEC Consult Vulnerability Lab
Gorazd Jank, SEC Consult Vulnerability Lab
Philipp Espernberger, SEC Consult Vulnerability Lab