What is the CVSS score of CVE-2026-8364?

CVE-2026-8364 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Gladinet Triofox are affected by CVE-2026-8364?

Gladinet Triofox Cloud Server Agent Access Service contains a critical authentication bypass vulnerability (CVE-2026-8364, CVSS 9.8) allowing unauthenticated remote attackers to access privileged…. A patch is available.

Gladinet Triofox CVE-2026-8364

EUVD-2026-32641 CRITICAL

Missing Authentication for Critical Function (CWE-306)

2026-05-27 tenable

GHSA-xw8r-hmpg-qx28

Authentication Bypass

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

May 27, 2026 - 22:04 EUVD

Analysis Generated

May 27, 2026 - 20:52 vuln.today

DescriptionNVD

Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache.

AnalysisAI

Missing authentication in Gladinet Triofox's Cloud Server Agent Access Service (GladServerAgentService.exe) lets remote, unauthenticated attackers reach privileged HTTP endpoints exposed on TCP port 7878. The service processes requests to paths such as /resources, /status, /sysinfo, /woshome, /Settings, /schedule, and /DavCache without an authentication check (CWE-306), and the CVSS vector (AV:N/AC:L/PR:N/UI:N, C:H/I:H/A:H) rates the impact as full confidentiality, integrity, and availability compromise. …

RemediationAI

Within 24 hours: Enumerate all Gladinet Triofox deployments in your environment; identify and immediately isolate any instances accessible from the internet (TCP port 7878). Within 7 days: Deploy firewall rules restricting port 7878 access to approved networks only; enable monitoring and alerting for access to privileged paths (/resources, /status, /sysinfo, /Settings, /schedule, /DavCache); contact Gladinet Support for patch timeline and interim guidance. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-8364 vulnerability details – vuln.today

Back

Gladinet Triofox CVE-2026-8364

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code