Low

CVE-2026-34027: Security Advisory

CVE-2026-34027 CVSS 0
Who it affects
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint.
What to do
Apply the vendor's update in your next patch window.

CVE-2026-34027 is a low-severity vulnerability (CVSS n/a).

Summary

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value and accepts the upload if this value contains an allowed string such as pdf, jpeg, tiff, or png. An authenticated attacker with any role or permission level can spoof the Content-Type value and upload arbitrary file content.
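The flawed pattern described above, next to a content-based check, as an added example. This is not Wertheim's code: the function names, the case-insensitive match, the MIME mapping and the sample uploads are all assumptions constructed for illustration.

```python
# Added illustration; not the vendor's implementation. All names are hypothetical.

# Allowed formats: declared MIME type and the byte signatures that start the file.
FORMATS = {
    "pdf": ("application/pdf", (b"%PDF-",)),
    "jpeg": ("image/jpeg", (b"\xff\xd8\xff",)),
    "tiff": ("image/tiff", (b"II*\x00", b"MM\x00*")),
    "png": ("image/png", (b"\x89PNG\r\n\x1a\n",)),
}


def weak_accepts(content_type: str) -> bool:
    """Sketch of the behaviour in the advisory: only the client-supplied
    Content-Type is inspected, and any value containing an allowed string passes."""
    ct = content_type.lower()
    return any(token in ct for token in FORMATS)


def sniff_type(body: bytes):
    """Return the allowed format whose signature starts the body, else None."""
    for fmt, (_mime, signatures) in FORMATS.items():
        if any(body.startswith(sig) for sig in signatures):
            return fmt
    return None


def strict_accepts(content_type: str, body: bytes) -> bool:
    """Server-side check: the uploaded bytes decide the type, and the
    declared header must match that type exactly (parameters ignored)."""
    fmt = sniff_type(body)
    if fmt is None:
        return False
    declared = content_type.split(";", 1)[0].strip().lower()
    return declared == FORMATS[fmt][0]


# Constructed sample uploads: (declared Content-Type, first bytes of body).
SAMPLES = [
    ("application/pdf", b"%PDF-1.7\n"),            # header and content agree
    ("image/png", b"plain text, not an image"),    # header does not match content
    ("image/png", b"%PDF-1.7\n"),                  # allowed format, wrong header
]

if __name__ == "__main__":
    for ctype, body in SAMPLES:
        print(f"{ctype:16} weak={weak_accepts(ctype)!s:5} "
              f"strict={strict_accepts(ctype, body)}")
```

A signature check is a minimum, since a file can begin with valid magic bytes and still carry other content; storing uploads under server-generated names outside any executable or web-served path limits what a mislabelled file can do.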

Why MSPs should care

This vulnerability references tracked vendors: level.

Remediation

Apply the vendor’s update during your next patch window and verify exposure. Patch-management tools that can deploy and verify the fix include Action1, Automox, ManageEngine Patch Manager Plus, and ManageEngine Endpoint Central. See our best patch management ranking.

Sources

Data as of June 16, 2026. Sources: nvd.nist.gov, r.sec-consult.com, wertheim-safes.com. Figures are pulled from public vendor and security data and refreshed automatically.