CVE-2026-34027

Published: Giu 15, 2026 Last Modified: Giu 15, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,3
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

AI Translation Available

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload if this value contains an allowed string such as pdf, jpeg, tiff, or png. An authenticated attacker with any role or permission level can spoof the Content-Type value and upload arbitrary file content.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0031
Percentile
0,2th
Updated

EPSS Score Trend (Last 2 Days)

434

Unrestricted Upload of File with Dangerous Type

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
Languages: ASP.NET, PHP, Not Language-Specific
Technologies: Web Server, AI/ML
Likelihood of Exploit: Medium
View CWE Details
https://r.sec-consult.com/wertheim
https://r.sec-consult.com/wertheim
https://wertheim-safes.com/safe-deposit-box-management/
https://wertheim-safes.com/safe-deposit-box-management/