Insufficient File Type Validation in Wertheim SafeController Software
CVE-2026-34027

5.3MEDIUM

Key Information:

Vendor: Wertheim Gmbh
Status: Wertheim Safecontroller Software For Vault Rooms (safe Deposit Locker System)
Vendor: CVE Published:; 15 June 2026

🔔 Create Wertheim Gmbh Vulnerability Alert

What is CVE-2026-34027?

The Wertheim SafeController Software version 6.15.8328.28014 exhibits a security vulnerability in the /safe/contract/uploadcustomdocuments endpoint due to inadequate server-side file type validation. The software relies on user-controlled HTTP Content-Type values to determine accepted file types, permitting an authenticated attacker to spoof this value. By exploiting this weakness, an attacker can upload malicious files disguised as safe file types such as pdf, jpeg, tiff, or png, potentially leading to serious security implications.

Affected Version(s)

Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014

References

https://wertheim-safes.com/safe-deposit-box-management/

product

https://r.sec-consult.com/wertheim

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
Mar 25, 2026

Credit

Christian Hager, SEC Consult Vulnerability Lab

Gorazd Jank, SEC Consult Vulnerability Lab

Philipp Espernberger, SEC Consult Vulnerability Lab

CVE-2026-34027 Data

JSON