CVE-2026-34030: CWE-73 External control of file name or path in Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)
CVE-2026-34030 is a medium severity vulnerability in Wertheim GmbH's SafeController Software for vault rooms. The software does not properly validate branch codes when creating new branches. Authenticated users with the settings_branches_manage privilege can exploit this by including path traversal sequences in the branch code, causing files to be stored in unintended filesystem locations. This is limited by service account write permissions and branch code length restrictions.
AI Analysis
Technical Summary
The Wertheim SafeController Software version AssemblyVersion 6.15.8328.28014 suffers from insufficient validation of branch codes during branch creation. The branch code is used in multiple application functions, including generating filesystem paths for uploaded files, profile pictures, and settings. An authenticated attacker with the settings_branches_manage privilege can inject path traversal sequences into the branch code, influencing the final filesystem path used by file operations. This can lead to files being written outside intended directories, constrained by service account permissions and branch code length limits. No official patch or remediation level has been disclosed, and no known exploits are reported in the wild.
Potential Impact
An attacker with authenticated access and the settings_branches_manage privilege can manipulate branch codes to cause files to be stored in arbitrary filesystem locations accessible by the service account. This may lead to unauthorized file writes outside intended directories, potentially affecting system integrity or availability depending on the context and permissions. The impact is limited by the privileges required and the service account's write permissions.
Mitigation Recommendations
No official patch or remediation guidance has been published by the vendor as of now. Organizations should monitor the vendor advisory for updates. Until a fix is available, restrict the settings_branches_manage privilege to trusted users only and audit branch code inputs for suspicious path traversal patterns to mitigate exploitation risk.
CVE-2026-34030: CWE-73 External control of file name or path in Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)
Description
CVE-2026-34030 is a medium severity vulnerability in Wertheim GmbH's SafeController Software for vault rooms. The software does not properly validate branch codes when creating new branches. Authenticated users with the settings_branches_manage privilege can exploit this by including path traversal sequences in the branch code, causing files to be stored in unintended filesystem locations. This is limited by service account write permissions and branch code length restrictions.
CVSS v4.0
Score 6.9medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Wertheim SafeController Software version AssemblyVersion 6.15.8328.28014 suffers from insufficient validation of branch codes during branch creation. The branch code is used in multiple application functions, including generating filesystem paths for uploaded files, profile pictures, and settings. An authenticated attacker with the settings_branches_manage privilege can inject path traversal sequences into the branch code, influencing the final filesystem path used by file operations. This can lead to files being written outside intended directories, constrained by service account permissions and branch code length limits. No official patch or remediation level has been disclosed, and no known exploits are reported in the wild.
Potential Impact
An attacker with authenticated access and the settings_branches_manage privilege can manipulate branch codes to cause files to be stored in arbitrary filesystem locations accessible by the service account. This may lead to unauthorized file writes outside intended directories, potentially affecting system integrity or availability depending on the context and permissions. The impact is limited by the privileges required and the service account's write permissions.
Mitigation Recommendations
No official patch or remediation guidance has been published by the vendor as of now. Organizations should monitor the vendor advisory for updates. Until a fix is available, restrict the settings_branches_manage privilege to trusted users only and audit branch code inputs for suspicious path traversal patterns to mitigate exploitation risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- SEC-VLab
- Date Reserved
- 2026-03-25T10:46:45.516Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2fe9580b89be6888e9866e
Added to database: 6/15/2026, 12:00:24 PM
Last enriched: 6/15/2026, 12:16:03 PM
Last updated: 6/15/2026, 1:14:50 PM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.