Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome
AnalysisAI
Remote code execution in Gladinet Triofox is possible through a stack-based buffer overflow in WOSDefaultHttpModule.dll, which fails to bounds-check overly long URL paths beginning with /woshome. Because the flaw is reachable over the network with no authentication and no user interaction (CVSS 9.8), an attacker who can reach the Triofox web service can corrupt the stack and potentially execute arbitrary code in the context of the web module. No public exploit has been identified at the time of analysis, and the issue was reported by Tenable (TRA-2026-45).
Technical ContextAI
Triofox is Gladinet's enterprise file-sharing and remote-access gateway that exposes an IIS-hosted web layer; WOSDefaultHttpModule.dll is a native HTTP module ('WOS' = Web Object Server component) that intercepts and parses incoming request paths. The root cause is CWE-121 (stack-based buffer overflow): the module copies the request URL path into a fixed-size stack buffer without validating its length, so a sufficiently long path under the /woshome route overruns the buffer and overwrites adjacent stack memory, including saved return addresses. Because the parsing happens in unmanaged code inside the HTTP request pipeline, the overflow is triggered automatically during normal request handling. The CPE cpe:2.3:a:gladinet:triofox:*:*:*:*:*:*:*:* identifies the affected product as Gladinet Triofox with the specific version range left unspecified in the available data.
RemediationAI
No vendor-released patch and no exact fix version are identified in the available data, so consult the Tenable research advisory (https://www.tenable.com/security/research/TRA-2026-45) and Gladinet's security notices for an updated Triofox build and apply it once available. As compensating controls until a fixed version is confirmed, restrict network reachability of the Triofox web service to trusted networks or a VPN rather than exposing it directly to the internet (trade-off: breaks remote access for off-network users), and block or filter requests to the /woshome path at a reverse proxy or WAF and reject abnormally long URL paths (trade-off: a WAF path/length rule may break legitimate long requests and can be bypassed by encoding, so test before enforcing). Monitor IIS and Triofox logs for unusually long /woshome request paths and worker-process crashes as indicators of exploitation attempts.
Triofox versions before 16.7.10368.56560 contain an improper access control flaw allowing access to initial setup pages
Remote code execution in Gladinet Triofox is possible through a stack-based buffer overflow in the WOSDeviceDropFolder.d
Missing authentication in Gladinet Triofox's Cloud Server Agent Access Service (GladServerAgentService.exe) lets remote,
Denial of service in Gladinet Triofox lets unauthenticated remote attackers crash the web service by sending an HTTP req
Information disclosure via path traversal in Gladinet Triofox lets remote unauthenticated attackers read arbitrary files
Denial of service in Gladinet Triofox lets remote unauthenticated attackers crash the Triofox Server Agent by triggering
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32643
GHSA-w8m3-4h6g-f289