CVE Catalog

CVE-2026-34028

MediumCVSS 6.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

31th percentile — higher than 31% of all known CVEs

Summary

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files from locations such as /Resources/CompanyId_[ID]/Audio/ and /SafeData/.

Risk Assessment

The risk to the organization involves the potential for unauthorized access to sensitive data, which could lead to information leaks and privacy violations.

Recommendation

It is recommended to implement appropriate authorization mechanisms for all endpoints and review the software's security to minimize the risk of unauthorized access.

Original NVD description (English source)

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files from locations such as /Resources/CompanyId_[ID]/Audio/ and /SafeData/.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS