Skip to main content

Gladinet Triofox CVE-2026-8362

| EUVDEUVD-2026-32643 CRITICAL
Stack-based Buffer Overflow (CWE-121)
2026-05-27 tenable GHSA-w8m3-4h6g-f289
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Patch available
May 27, 2026 - 22:04 EUVD
Analysis Generated
May 27, 2026 - 20:51 vuln.today

DescriptionCVE.org

A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome

AnalysisAI

Remote code execution in Gladinet Triofox is possible through a stack-based buffer overflow in WOSDefaultHttpModule.dll, which fails to bounds-check overly long URL paths beginning with /woshome. Because the flaw is reachable over the network with no authentication and no user interaction (CVSS 9.8), an attacker who can reach the Triofox web service can corrupt the stack and potentially execute arbitrary code in the context of the web module. No public exploit has been identified at the time of analysis, and the issue was reported by Tenable (TRA-2026-45).

Technical ContextAI

Triofox is Gladinet's enterprise file-sharing and remote-access gateway that exposes an IIS-hosted web layer; WOSDefaultHttpModule.dll is a native HTTP module ('WOS' = Web Object Server component) that intercepts and parses incoming request paths. The root cause is CWE-121 (stack-based buffer overflow): the module copies the request URL path into a fixed-size stack buffer without validating its length, so a sufficiently long path under the /woshome route overruns the buffer and overwrites adjacent stack memory, including saved return addresses. Because the parsing happens in unmanaged code inside the HTTP request pipeline, the overflow is triggered automatically during normal request handling. The CPE cpe:2.3:a:gladinet:triofox:*:*:*:*:*:*:*:* identifies the affected product as Gladinet Triofox with the specific version range left unspecified in the available data.

RemediationAI

No vendor-released patch and no exact fix version are identified in the available data, so consult the Tenable research advisory (https://www.tenable.com/security/research/TRA-2026-45) and Gladinet's security notices for an updated Triofox build and apply it once available. As compensating controls until a fixed version is confirmed, restrict network reachability of the Triofox web service to trusted networks or a VPN rather than exposing it directly to the internet (trade-off: breaks remote access for off-network users), and block or filter requests to the /woshome path at a reverse proxy or WAF and reject abnormally long URL paths (trade-off: a WAF path/length rule may break legitimate long requests and can be bypassed by encoding, so test before enforcing). Monitor IIS and Triofox logs for unusually long /woshome request paths and worker-process crashes as indicators of exploitation attempts.

Share

CVE-2026-8362 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy