Hard-Coded Cryptographic Key Vulnerability in Wertheim SafeController Software
CVE-2026-34029

6.8 MEDIUM

What is CVE-2026-34029?

The Wertheim SafeController Software contains a serious security flaw: a hard-coded cryptographic key is embedded in the SafeSystem.Infrastructure.Security.dll component. An attacker with file access can reverse engineer the DLL and extract the hard-coded key. The extracted key can then be used to decrypt the licence.whs file, revealing confidential details about the licensing party as well as a subsequent key that can unlock other configuration files. This exposure poses a significant risk to the integrity and security of the affected applications.

Affected Version(s)

Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014

CVSS V4

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Christian Hager, SEC Consult Vulnerability Lab
Gorazd Jank, SEC Consult Vulnerability Lab
Philipp Espernberger, SEC Consult Vulnerability Lab