Skip to main content

Gladinet Triofox EUVD-2026-32643

| CVE-2026-8362 CRITICAL
Stack-based Buffer Overflow (CWE-121)
2026-05-27 tenable GHSA-w8m3-4h6g-f289
Buffer Overflow Stack Overflow
9.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Patch available
May 27, 2026 - 22:04 EUVD
Analysis Generated
May 27, 2026 - 20:51 vuln.today

DescriptionNVD

A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome

AnalysisAI

Remote code execution in Gladinet Triofox is possible through a stack-based buffer overflow in WOSDefaultHttpModule.dll, which fails to bounds-check overly long URL paths beginning with /woshome. Because the flaw is reachable over the network with no authentication and no user interaction (CVSS 9.8), an attacker who can reach the Triofox web service can corrupt the stack and potentially execute arbitrary code in the context of the web module. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify and inventory all Triofox deployments with network exposure and assess business criticality of each instance. Within 7 days: Implement emergency compensating controls including WAF rules blocking requests to /woshome endpoints, network segmentation to restrict Triofox access, and IP whitelisting where operationally feasible. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-32643 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy