CVE-2026-34030
MediumCVSS 6.9Exploitation Probability (EPSS)
Low risk24th percentile — higher than 24% of all known CVEs
Summary
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not properly validate the branch code when creating a new branch. This allows an attacker with the appropriate privileges to include path traversal sequences, potentially leading to unintended file storage.
Risk Assessment
An attacker could exploit this vulnerability to manipulate the filesystem location of files, which may lead to breaches of confidentiality or data integrity.
Recommendation
It is recommended to implement additional validation of the branch code to prevent path traversal sequences and review the permissions of users managing branches.
Original NVD description (English source)
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and settings. An authenticated attacker with the settings_branches_manage privilege can include path traversal sequences in the branch code and influence the final filesystem location used by affected file operations. This can allow files to be stored in unintended locations, subject to service-account write permissions and branch-code length restrictions.

