Skip to main content

Gladinet Triofox EUVDEUVD-2026-32644

| CVE-2026-8361 HIGH
Relative Path Traversal (CWE-23)
2026-05-27 tenable GHSA-g856-22wv-j48p
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Patch available
May 27, 2026 - 22:04 EUVD
Analysis Generated
May 27, 2026 - 21:01 vuln.today

DescriptionCVE.org

A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome

AnalysisAI

Information disclosure via path traversal in Gladinet Triofox lets remote unauthenticated attackers read arbitrary files on the server by sending crafted requests whose URL path begins with /woshome, which are handled by the WOSDefaultHttpModule.dll component. The CVSS 7.5 scoring (confidentiality-only impact) reflects unrestricted file read without code execution or service disruption. No public exploit has been identified at time of analysis, and the issue was reported by Tenable rather than appearing in CISA KEV.

Technical ContextAI

Triofox is Gladinet's enterprise secure file-sharing and remote-access gateway, identified by the CPE cpe:2.3:a:gladinet:triofox. The flaw lives in an IIS-style HTTP module, WOSDefaultHttpModule.dll, that intercepts and routes inbound requests. The root cause maps to CWE-23 (Relative Path Traversal): the module fails to properly canonicalize or constrain the file path derived from requests whose URL path starts with /woshome, so traversal sequences (e.g. ../) can escape the intended web directory and resolve to arbitrary files on the host filesystem. Because the impact is read-only (C:H/I:N/A:N), the vulnerability exposes file contents rather than allowing modification or execution.

RemediationAI

No vendor-released patch is identified from the provided data, so confirm the fixed build directly with Gladinet and review Tenable's advisory at https://www.tenable.com/security/research/TRA-2026-45 for version guidance before deploying. As compensating controls until a patched Triofox build is applied: restrict network exposure of the Triofox web service so it is not reachable from the public internet (place it behind a VPN or IP allowlist), since the attack vector is network-based. At the reverse proxy or WAF layer, block or closely filter requests whose URL path begins with /woshome and reject requests containing traversal sequences (../, encoded variants like %2e%2e), accepting that this may break legitimate /woshome functionality if that path is in normal use. Monitor web logs for anomalous /woshome requests and traversal patterns. These controls reduce exposure but do not remove the underlying defect, so upgrading to a vendor-confirmed fixed version remains the primary remediation.

Share

EUVD-2026-32644 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy