CVE Catalog

CVE-2026-34026

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

31th percentile - higher than 31% of all known CVEs

Summary

Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. This allows an authenticated attacker with any role or permission level to traverse out of the intended document directory and download arbitrary files accessible to the application.

Risk Assessment

This vulnerability may lead to the disclosure of sensitive information, such as application log files and application binaries, posing a serious security threat to the organization.

Recommendation

It is recommended to implement proper input validation mechanisms for the documentName parameter and restrict access to sensitive files within the application.

Original NVD description (English source)

Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation, allowing an authenticated attacker with any role or permission level to traverse out of the intended document directory and download arbitrary files accessible to the application. This includes, but is not limited to, application log files containing sensitive information and application binaries.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS