Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DLLs (i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll) can return a NULL pointer (i.e., when no user is logged into the Triofox Server Agent Management Console). The returned NULL pointer is not checked before being dereferenced.
AnalysisAI
Denial of service in Gladinet Triofox lets remote unauthenticated attackers crash the Triofox Server Agent by triggering a NULL pointer dereference. The function WOSSysInfoGetDeviceInterface() in WOSCommonUtil.dll returns NULL whenever no user is logged into the Server Agent Management Console, and callers such as WOSProfileMgrModule.dll and WOSWebDavModule.dll dereference that pointer without checking it, causing a process crash. There is no public exploit identified at time of analysis and the issue affects only availability (CVSS 7.5).
Technical ContextAI
Triofox is Gladinet's enterprise file-sharing and remote-access platform; the affected component is the Triofox Server Agent, whose functionality is split across multiple native Windows DLLs. A shared helper, WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface(), is intended to return a device-interface handle but instead returns NULL under a specific runtime state - when no user session is active in the Server Agent Management Console. Consuming modules (WOSProfileMgrModule.dll for profile management, WOSWebDavModule.dll for WebDAV handling, and others) call this helper and immediately dereference the result. This maps to CWE-476 (NULL Pointer Dereference): the root cause is a missing return-value validation between a function that can legitimately return NULL and the code paths that assume a valid pointer, leading to an access violation that terminates the agent process.
RemediationAI
No vendor-released patch version was identified in the available data, so confirm the current fix status and affected version range directly against the Tenable advisory (https://www.tenable.com/security/research/TRA-2026-45) and Gladinet's official Triofox release notes, then upgrade to the vendor-fixed build once published. As compensating controls until a patch is confirmed: restrict network access to the Triofox Server Agent and its Management Console interface to trusted management networks via firewall/ACLs rather than exposing it to the internet (trade-off: legitimate remote-management workflows must originate from allowed ranges); keep an authenticated user session active in the Server Agent Management Console where operationally feasible, since the NULL is returned specifically when no user is logged in (trade-off: this is a fragile, partial mitigation, not a fix, as sessions expire); and monitor the agent process for unexpected crashes/restarts so DoS attempts are detected and the service can be auto-recovered. Do not invent a patch version - cite only what the vendor advisory confirms.
Triofox versions before 16.7.10368.56560 contain an improper access control flaw allowing access to initial setup pages
Remote code execution in Gladinet Triofox is possible through a stack-based buffer overflow in WOSDefaultHttpModule.dll,
Remote code execution in Gladinet Triofox is possible through a stack-based buffer overflow in the WOSDeviceDropFolder.d
Missing authentication in Gladinet Triofox's Cloud Server Agent Access Service (GladServerAgentService.exe) lets remote,
Denial of service in Gladinet Triofox lets unauthenticated remote attackers crash the web service by sending an HTTP req
Information disclosure via path traversal in Gladinet Triofox lets remote unauthenticated attackers read arbitrary files
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32645
GHSA-8h36-w88j-j75h