CVE-2026-34026 in SafeController Software for VAULT ROOMS
Summary
by MITRE • 06/15/2026
Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation, allowing an authenticated attacker with any role or permission level to traverse out of the intended document directory and download arbitrary files accessible to the application. This includes, but is not limited to, application log files containing sensitive information and application binaries.
Analysis
by VulDB Data Team • 06/15/2026
This vulnerability exists within Wertheim SafeController Software version 6.15.8328.28014 where the /safe/selfservice/openselfservicedocument endpoint fails to properly validate the documentName parameter input. The application directly incorporates user-supplied data into file path construction without adequate sanitization or access control measures, creating a classic path traversal flaw that falls under CWE-22. An authenticated attacker can exploit this weakness by manipulating the documentName parameter to navigate outside the intended document directory boundaries and access files that should remain restricted.
In technical terms, the flaw lets an attacker construct file paths that bypass normal access controls and directory restrictions. When the application processes the documentName parameter, it treats the input as a legitimate file reference without validating whether the requested path remains within the designated document repository. This creates a scenario where an attacker can use directory traversal sequences such as ../ or ..\ to move up directory levels and access files that are not intended to be publicly available. The vulnerability affects all authenticated users regardless of their role or permission level, making it particularly dangerous as it does not require elevated privileges to exploit.
The operational impact of this vulnerability extends beyond simple unauthorized file access, as it can potentially expose sensitive application data including log files that may contain authentication credentials, system information, or other confidential data. Attackers could leverage this vulnerability to download application binaries, configuration files, or other sensitive components that could aid in further exploitation attempts. This type of vulnerability aligns with ATT&CK technique T1566.001 for initial access through malicious files and can also support credential access activities through log file harvesting. The exposure of application binaries could provide attackers with insights into the software architecture and potentially reveal additional vulnerabilities within the system.
Organizations should implement immediate mitigations, including validation and sanitization of all user-supplied parameters, particularly those used in file path construction. The application should enforce strict directory traversal checks and confirm that every file access request resolves to a location within the intended document directory. Proper access controls and privilege separation limit the damage even where a traversal attempt succeeds, and running the application under the principle of least privilege minimizes the impact of successful exploitation. Regular security assessments and code reviews focused on file handling routines should be conducted to identify and remediate similar flaws, and web application firewall rules together with edge input validation can add a further layer of protection against such attacks.
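A containment check of the kind the analysis calls for, as an added example (not SafeController code; written in Python rather than the product's .NET, with the document root path assumed): the user-supplied name is treated as data, Windows-style separators are folded so that `..\` is caught as well as `../`, traversal and absolute-path components are rejected up front, and the canonicalised result is confirmed to sit under the document root before any file is opened.

```python
import os
from pathlib import Path, PurePosixPath


class DocumentPathError(ValueError):
    """Raised when a requested documentName would escape the document root."""


def normalise_document_name(document_name: str) -> PurePosixPath:
    """Accept only a plain relative name; reject traversal, absolute paths
    and drive letters. Backslashes are folded to '/' because the affected
    service is a Windows/.NET application, so '..\\' must be caught too."""
    if not document_name or "\x00" in document_name:
        raise DocumentPathError("empty or NUL-containing document name")
    pure = PurePosixPath(document_name.replace("\\", "/"))
    if pure.is_absolute() or not pure.parts:
        raise DocumentPathError("absolute or empty path rejected: %r" % document_name)
    for part in pure.parts:
        if part == ".." or ":" in part:  # traversal component or 'C:' drive
            raise DocumentPathError("traversal component rejected: %r" % document_name)
    return pure


def resolve_document_path(document_root: str, document_name: str) -> Path:
    """Return the canonical on-disk path for documentName, or raise.

    Hypothetical hardened pattern (not the vendor's code): normalise the
    name, join it to the fixed root, canonicalise the result (symlinks
    included) and verify containment. commonpath is used instead of a
    string prefix test so that a sibling directory such as
    '<root>_private' cannot pass as 'inside' the root."""
    root = Path(document_root).resolve()
    candidate = (root / str(normalise_document_name(document_name))).resolve()
    if os.path.commonpath([str(root), str(candidate)]) != str(root):
        raise DocumentPathError("resolved path escapes document root: %s" % candidate)
    return candidate


def is_safe_document_name(document_root: str, document_name: str) -> bool:
    """Convenience predicate for request validation or for reviewing
    logged documentName values from the affected endpoint."""
    try:
        resolve_document_path(document_root, document_name)
        return True
    except DocumentPathError:
        return False
```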