Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome
AnalysisAI
Information disclosure via path traversal in Gladinet Triofox lets remote unauthenticated attackers read arbitrary files on the server by sending crafted requests whose URL path begins with /woshome, which are handled by the WOSDefaultHttpModule.dll component. The CVSS 7.5 scoring (confidentiality-only impact) reflects unrestricted file read without code execution or service disruption. No public exploit has been identified at time of analysis, and the issue was reported by Tenable rather than appearing in CISA KEV.
Technical ContextAI
Triofox is Gladinet's enterprise secure file-sharing and remote-access gateway, identified by the CPE cpe:2.3:a:gladinet:triofox. The flaw lives in an IIS-style HTTP module, WOSDefaultHttpModule.dll, that intercepts and routes inbound requests. The root cause maps to CWE-23 (Relative Path Traversal): the module fails to properly canonicalize or constrain the file path derived from requests whose URL path starts with /woshome, so traversal sequences (e.g. ../) can escape the intended web directory and resolve to arbitrary files on the host filesystem. Because the impact is read-only (C:H/I:N/A:N), the vulnerability exposes file contents rather than allowing modification or execution.
RemediationAI
No vendor-released patch is identified from the provided data, so confirm the fixed build directly with Gladinet and review Tenable's advisory at https://www.tenable.com/security/research/TRA-2026-45 for version guidance before deploying. As compensating controls until a patched Triofox build is applied: restrict network exposure of the Triofox web service so it is not reachable from the public internet (place it behind a VPN or IP allowlist), since the attack vector is network-based. At the reverse proxy or WAF layer, block or closely filter requests whose URL path begins with /woshome and reject requests containing traversal sequences (../, encoded variants like %2e%2e), accepting that this may break legitimate /woshome functionality if that path is in normal use. Monitor web logs for anomalous /woshome requests and traversal patterns. These controls reduce exposure but do not remove the underlying defect, so upgrading to a vendor-confirmed fixed version remains the primary remediation.
Triofox versions before 16.7.10368.56560 contain an improper access control flaw allowing access to initial setup pages
Remote code execution in Gladinet Triofox is possible through a stack-based buffer overflow in WOSDefaultHttpModule.dll,
Remote code execution in Gladinet Triofox is possible through a stack-based buffer overflow in the WOSDeviceDropFolder.d
Missing authentication in Gladinet Triofox's Cloud Server Agent Access Service (GladServerAgentService.exe) lets remote,
Denial of service in Gladinet Triofox lets unauthenticated remote attackers crash the web service by sending an HTTP req
Denial of service in Gladinet Triofox lets remote unauthenticated attackers crash the Triofox Server Agent by triggering
Same weakness CWE-23 – Relative Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32644
GHSA-g856-22wv-j48p