VYPR
High severity · NVD Advisory · Published Jun 15, 2026 · Updated Jun 15, 2026

CVE-2026-34023


Description

Wertheim SafeController Software contains a broken WebSocket authorization flaw allowing low-privilege users to access restricted cross-branch resources.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker [1]. An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket messages by specifying controller identifiers belonging to other branches [1]. This flaw violates the principle of least privilege, allowing access to restricted functions and resources outside the user's authorized branch [1][2].

Exploitation

An attacker must first obtain valid low-privileged credentials for a single branch [1]. With these credentials, the attacker can craft WebSocket messages that include controller identifiers from other branches, bypassing the intended authorization checks in the WebMessageBroker component [1]. No additional user interaction is required beyond authentication; the attacker can directly modify the message payload to access cross-branch resources [1].
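To make the authorization gap described in the Vulnerability and Exploitation sections concrete, the following is an added example (not Wertheim's or SEC Consult's code) of a broker-style dispatch routine in two forms: one that trusts the controller identifier in the WebSocket message, and one that resolves the controller's owning branch server-side and refuses cross-branch requests. The message shape, the branch/controller inventory, the action name and the Session fields are all assumptions made for the illustration.

```python
# Added example (not Wertheim's code): a minimal, assumed message-broker dispatch
# showing the server-side branch check the advisory says is missing. The message
# format, data model and action names are assumptions for illustration only.
import json
import logging
from dataclasses import dataclass

log = logging.getLogger("webmessagebroker")

# Constructed inventory: which branch owns each controller (assumed data).
CONTROLLER_BRANCH = {"ctrl-101": "branch-A", "ctrl-102": "branch-A", "ctrl-201": "branch-B"}


@dataclass(frozen=True)
class Session:
    user: str
    branch: str  # branch bound at login, held server-side, never taken from the message
    role: str


class AuthorizationError(Exception):
    pass


def controller_in_branch(session: Session, controller: str) -> bool:
    """True only if the controller is known and owned by the session's branch (fail closed)."""
    return CONTROLLER_BRANCH.get(controller) == session.branch


def handle_vulnerable(session: Session, raw: str) -> str:
    """Trusts controllerId from the client: any authenticated user can address any branch."""
    msg = json.loads(raw)
    return f"{msg['action']} on {msg['controllerId']} by {session.user}"


def handle_hardened(session: Session, raw: str) -> str:
    """Checks the controller's owning branch against the session before acting on it."""
    msg = json.loads(raw)
    controller = msg.get("controllerId", "")
    if not controller_in_branch(session, controller):
        # Deny and record the attempt so cross-branch probing is visible to detection.
        log.warning("denied %s (%s) -> %s (%s)", session.user, session.branch,
                    controller, CONTROLLER_BRANCH.get(controller, "unknown"))
        raise AuthorizationError(f"{session.user} may not act on {controller}")
    return f"{msg['action']} on {controller} by {session.user}"
```

The same check should be applied to every message type that carries a controller or branch identifier, not only to box activation, since a broker that authorizes some routes and forwards the rest leaves the gap in place.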

Impact

Successful exploitation allows the attacker to access restricted functions and resources in other branches, including the ability to activate boxes outside of the user's authorized branch [1]. This leads to a violation of the least-privilege principle and unauthorized access to sensitive operations and data across branches, potentially compromising the confidentiality and integrity of the safe deposit locker system [1][2].

Mitigation

The vendor provides a patch, but specific version information was not disclosed [1]. Users are advised to contact the vendor directly to request the update and apply it immediately [1]. As a workaround, SEC Consult recommends performing a thorough security review of the product [1]. No KEV listing was mentioned in the available references.

AI Insight generated on Jun 15, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

No source-code context for this CVE: mechanics are only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 3

News mentions: 0 (no linked articles in our index yet)