CVE-2026-34024
HighCVSS 8.6Exploitation Probability (EPSS)
Low risk22th percentile - higher than 22% of all known CVEs
Summary
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable.
Risk Assessment
This allows the attacker to perform restricted actions such as switching the user's branch, uploading arbitrary files, downloading arbitrary files, and viewing details of arbitrary branches, which can lead to serious security breaches.
Recommendation
It is recommended to implement proper authorization checks on all application endpoints and review user permissions to minimize the risk of unauthorized access.
Original NVD description (English source)
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allows the attacker to perform restricted actions such as switching the user's branch, uploading arbitrary files, downloading arbitrary files, and viewing details of arbitrary branches.

