VYPR
High severity · NVD Advisory · Published Jun 15, 2026

CVE-2026-34026

Description

Wertheim SafeController Software (v6.15.8328.28014) suffers from a path traversal in openselfservicedocument, allowing authenticated attackers to download arbitrary files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint [1]. The application constructs a file path using attacker-controlled input without sufficient validation, allowing an authenticated attacker with any role or permission level to traverse out of the intended document directory and download arbitrary files accessible to the application [1]. This includes, but is not limited to, application log files containing sensitive information and application binaries [1].

Exploitation

An attacker needs a valid session with any role or permission level in the SafeController application to reach the vulnerable endpoint [1]. The attacker can manipulate the documentName parameter to include path traversal sequences such as ../ to navigate outside the intended document directory [1]. No additional privileges beyond authentication are required, and the attack does not require user interaction [1].

Impact

Successful exploitation allows the attacker to read arbitrary files from the server file system that the application has access to [1]. This can lead to the disclosure of sensitive information, including application logs that may contain credentials or other internal data, and application binaries that could be analyzed for further vulnerabilities [1]. The confidentiality of the system is compromised; integrity and availability are not directly affected by this specific vulnerability.

Mitigation

The vendor has released a patch; however, specific version information was not provided in the available references [1]. SEC Consult recommends that users contact the vendor directly to obtain the update and install it immediately [1]. Additionally, SEC Consult advises conducting a thorough security review of the product [1].
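A log-review check for the endpoint and parameter named above, added here as an example; it is not part of the advisory or the vendor's code. It assumes the documentName parameter appears in the query string of a combined-format web access log, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

ENDPOINT = "/safe/selfservice/openselfservicedocument"  # path named in the advisory
PARAM = "documentname"                                  # compared case-insensitively
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')  # assumed log format

def is_traversal(value: str) -> bool:
    """True if the value, after repeated URL-decoding, leaves its directory."""
    for _ in range(3):                  # undo nested percent-encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\\", "/")    # Windows accepts both separators
    if value.startswith("/") or re.match(r"^[A-Za-z]:", value):
        return True                     # absolute path or drive letter
    return ".." in value.split("/")     # a ".." path segment, not "a..b"

def suspicious_requests(lines):
    """Return (line_number, value decoded once) for flagged endpoint requests."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path.rstrip("/").lower() != ENDPOINT:
            continue
        # parse_qsl decodes once; is_traversal handles further layers
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == PARAM and is_traversal(value):
                hits.append((number, value))
    return hits

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '10.0.0.5 - alice [15/Jun/2026:10:00:01 +0000] "GET /safe/selfservice/openselfservicedocument?documentName=manual.pdf HTTP/1.1" 200 5120',
    '10.0.0.9 - bob [15/Jun/2026:10:02:17 +0000] "GET /safe/selfservice/openselfservicedocument?documentName=../../placeholder.txt HTTP/1.1" 200 880',
    '10.0.0.9 - bob [15/Jun/2026:10:02:40 +0000] "GET /safe/selfservice/openselfservicedocument?documentName=..%255c..%255cplaceholder.txt HTTP/1.1" 200 880',
    '10.0.0.7 - carol [15/Jun/2026:10:05:00 +0000] "GET /safe/other?documentName=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: documentName={value!r}")
```

A flagged request with a 200 status and the authenticated user field gives the session to follow up on; requests that carry the parameter in a POST body are not visible to this check.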

AI Insight generated on Jun 15, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

2
