Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:
AnalysisAI
Remote code execution in Gladinet Triofox is possible through a stack-based buffer overflow in the WOSDeviceDropFolder.dll component, which mishandles overly long URL paths that begin with /resources. The CVSS 9.8 vector indicates an unauthenticated, network-reachable flaw requiring no user interaction, meaning any attacker who can reach the Triofox web service can corrupt the stack and potentially execute arbitrary code. The issue was reported by Tenable (TRA-2026-45); no public exploit identified at time of analysis and no EPSS score was provided in the source data.
Technical ContextAI
Triofox is Gladinet's enterprise file-sharing and remote-access platform, and the affected code lives in WOSDeviceDropFolder.dll - a native (DLL) request-handling library that processes device drop-folder URL routes. The root cause is CWE-121 (stack-based buffer overflow): the library copies an attacker-supplied URL path beginning with /resources into a fixed-size stack buffer without adequate bounds checking, so a sufficiently long path overruns the buffer and overwrites adjacent stack memory, including saved return addresses. Because this is a compiled C/C++ component handling raw HTTP path input, successful overflow can redirect control flow rather than merely crash the process.
RemediationAI
No vendor-released patch identified at time of analysis - the input data contains no fixed version number, so no exact upgrade target can be cited without inventing one. Monitor Gladinet's security channel and the Tenable advisory at https://www.tenable.com/security/research/TRA-2026-45 for a patched build, and apply it as soon as it is published. As compensating controls while unpatched: restrict network reachability of the Triofox web service to trusted networks or a VPN rather than exposing it to the internet (trade-off: breaks external remote-access workflows that the product exists to provide); place a reverse proxy or WAF in front of the service to drop requests whose URL path starts with /resources and exceeds a sane length, since that is the specific trigger condition (trade-off: may block legitimate long resource paths and requires tuning); and increase monitoring for crashes or anomalous long /resources requests against the WOSDeviceDropFolder handler. Validate any rule against legitimate traffic before enforcing in blocking mode.
Triofox versions before 16.7.10368.56560 contain an improper access control flaw allowing access to initial setup pages
Remote code execution in Gladinet Triofox is possible through a stack-based buffer overflow in WOSDefaultHttpModule.dll,
Missing authentication in Gladinet Triofox's Cloud Server Agent Access Service (GladServerAgentService.exe) lets remote,
Denial of service in Gladinet Triofox lets unauthenticated remote attackers crash the web service by sending an HTTP req
Information disclosure via path traversal in Gladinet Triofox lets remote unauthenticated attackers read arbitrary files
Denial of service in Gladinet Triofox lets remote unauthenticated attackers crash the Triofox Server Agent by triggering
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32642
GHSA-h65f-pj95-wmgc