What is the CVSS score of CVE-2026-8360?

CVE-2026-8360 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Triofox are affected by CVE-2026-8360?

Gladinet Triofox Server Agent contains a denial-of-service vulnerability allowing unauthenticated remote attackers to crash the service through a NULL pointer dereference in system information…. A patch is available.

Triofox CVE-2026-8360

EUVD-2026-32645 HIGH

NULL Pointer Dereference (CWE-476)

2026-05-27 tenable

GHSA-8h36-w88j-j75h

Denial Of Service Null Pointer Dereference

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch available

May 27, 2026 - 22:04 EUVD

Analysis Generated

May 27, 2026 - 20:53 vuln.today

DescriptionNVD

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DLLs (i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll) can return a NULL pointer (i.e., when no user is logged into the Triofox Server Agent Management Console). The returned NULL pointer is not checked before being dereferenced.

AnalysisAI

Denial of service in Gladinet Triofox lets remote unauthenticated attackers crash the Triofox Server Agent by triggering a NULL pointer dereference. The function WOSSysInfoGetDeviceInterface() in WOSCommonUtil.dll returns NULL whenever no user is logged into the Server Agent Management Console, and callers such as WOSProfileMgrModule.dll and WOSWebDavModule.dll dereference that pointer without checking it, causing a process crash. …

RemediationAI

Within 24 hours: Identify all Gladinet Triofox Server Agent instances in production and assess business-critical dependencies on those services. Within 7 days: Implement network segmentation and firewall rules restricting Triofox Server Agent connectivity to known, authorized client networks only; disable unnecessary internet exposure. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-8360 vulnerability details – vuln.today

Back

Triofox CVE-2026-8360

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code