CVE-2026-34030
Description
Wertheim SafeController Software fails to validate branch codes, allowing authenticated attackers with specific privileges to write files to unintended locations via path traversal.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability exists in Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014. The application does not sufficiently validate the branch code when a new branch is created. This branch code is later used in filesystem path generation for uploaded files, profile pictures, and settings. An authenticated attacker with the settings_branches_manage privilege can include path traversal sequences in the branch code, influencing the final filesystem location used by affected file operations. This allows files to be stored in unintended directories, subject to service-account write permissions and branch-code length restrictions [1].
Exploitation
An attacker must be authenticated and possess the settings_branches_manage privilege. The attacker creates a new branch with a branch code containing path traversal sequences (e.g., ../). When the application later uses this branch code to construct filesystem paths for file operations (uploads, profile pictures, settings), the traversal sequences redirect the file write to an arbitrary location on the filesystem. The success depends on the service account having write permissions to the target directory and the branch code not exceeding length restrictions.
Impact
Successful exploitation allows the attacker to write files to unintended locations on the server. The exact impact depends on the write permissions of the service account. If the service account has broad write access, the attacker could overwrite configuration files, inject malicious scripts, or place files in web-accessible directories, potentially leading to further compromise. The vulnerability is classified as medium severity.
Mitigation
The vendor has released a patch for this vulnerability. Users should contact Wertheim to obtain the update and apply it immediately. No specific fixed version number was provided in the advisory. As a workaround, restrict the settings_branches_manage privilege to only trusted administrators and monitor branch code inputs for path traversal patterns [1].
AI Insight generated on Jun 15, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =6.15.8328.28014
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Insufficient input validation of the branch code allows injection of path traversal sequences."
Attack vector
An authenticated attacker with the `settings_branches_manage` privilege can inject path traversal sequences into the branch code during branch creation [1]. Because the branch code is used in filesystem path generation for uploaded files, profile pictures, and settings, the attacker can influence the final storage location. This allows files to be written to unintended directories, subject to service-account write permissions and branch-code length restrictions.
Affected code
The Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) does not validate the branch code when a new branch is created. The branch code is later used in filesystem path generation for uploaded files, profile pictures, and settings.
What the fix does
The advisory does not include a patch diff. The vendor's remediation guidance is not published in the provided bundle. The recommended fix would be to validate the branch code against a strict allowlist of permitted characters and reject any input containing path traversal sequences (e.g., `../`).
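The two defensive measures named on this page, an allowlist check on the branch code at creation time and monitoring of branch-code inputs for traversal patterns, are shown below as an added example. This is not Wertheim's code (the product is a .NET application; the example is in Python for illustration), and the storage root, the 32-character length cap, the audit-log line format and the sample log lines are all constructed assumptions. The path builder also keeps a second, independent containment check, so that a code which somehow bypassed the allowlist still cannot resolve outside the storage root.

```python
import re
from pathlib import Path

# Allowlist for branch codes: letters, digits, hyphen and underscore only.
# The 1..32 length cap is an assumption, not a value from the advisory.
BRANCH_CODE_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")

# Assumed audit-log format for branch creation events (constructed for this example).
AUDIT_LINE_RE = re.compile(r"branch_create user=(?P<user>\S+) code=(?P<code>\S+)")


def validate_branch_code(code: str) -> bool:
    """True only if the branch code is made solely of allowlisted characters.

    Any '.', '/', '\\' or whitespace fails, so '../' style sequences are rejected
    before the code can reach path generation.
    """
    return BRANCH_CODE_RE.fullmatch(code) is not None


def branch_storage_path(base_dir: str, branch_code: str, filename: str) -> Path:
    """Build the storage path for a branch-scoped file (upload, profile picture, setting).

    Layer 1: the branch code must pass the allowlist.
    Layer 2: the filename must be a bare name, not a path.
    Layer 3: the resolved result must still lie under base_dir (defence in depth).
    """
    if not validate_branch_code(branch_code):
        raise ValueError(f"rejected branch code: {branch_code!r}")
    if not filename or filename in (".", "..") or Path(filename).name != filename:
        raise ValueError(f"rejected filename: {filename!r}")

    base = Path(base_dir).resolve()
    target = (base / branch_code / filename).resolve()
    if target != base and base not in target.parents:
        raise ValueError("resolved path escapes the storage root")
    return target


def flag_suspicious_branch_codes(log_lines):
    """Scan branch-creation audit lines and return (user, code) pairs whose code
    fails the allowlist. Intended as the monitoring control the advisory suggests."""
    flagged = []
    for line in log_lines:
        match = AUDIT_LINE_RE.search(line)
        if match and not validate_branch_code(match.group("code")):
            flagged.append((match.group("user"), match.group("code")))
    return flagged


# Constructed sample audit log; the second line shows a code that the allowlist rejects.
SAMPLE_AUDIT_LOG = [
    "2026-06-15T10:01:02Z branch_create user=alice code=HQ-01",
    "2026-06-15T10:03:45Z branch_create user=bob code=../../wwwroot",
    "2026-06-15T10:05:00Z branch_create user=carol code=WEST_02",
]


if __name__ == "__main__":
    # Assumed storage root; any directory works since nothing is written.
    root = "/srv/safecontroller/uploads"
    print(branch_storage_path(root, "HQ-01", "profile.png"))
    for user, code in flag_suspicious_branch_codes(SAMPLE_AUDIT_LOG):
        print(f"ALERT: user {user} submitted branch code {code!r}")
```

The allowlist is the primary control: rejecting the code at creation means the traversal sequence never enters the database and therefore never reaches any of the three path-generation sites. The containment check in `branch_storage_path` is deliberately redundant, so that a future code path that forgets the allowlist still cannot write outside the root.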
Preconditions
- auth: The attacker must be authenticated and hold the `settings_branches_manage` privilege.
- input: The attacker must be able to create a new branch with a crafted branch code.
Generated on Jun 15, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions
No linked articles in our index yet.