CVE-2026-34023

CVE Database · CVE-2026-34023

CVE-2026-34023

· N/AReceived

CVSS v3.1

N/A

CVSS v4.0

7.1

EPSS

0.34%

Published

Jun 15, 2026

Modified

Jun 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket messages by specifying controller identifiers belonging to other branches. This allows the attacker to access restricted functions and resources in other branches, including activating boxes outside of the user's authorized branch.

Weaknesses (CWE)

CWE-863

References (3)

https://r.sec-consult.com/wertheim

https://wertheim-safes.com/safe-deposit-box-management/

https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-wertheim-safecontroller-software-for-vault-rooms-safe-deposit-locker-system/

KEV Catalog EPSS Scores Vendors All CVEs