What is the CVSS score of EUVD-2026-32645?

EUVD-2026-32645 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Triofox are affected by EUVD-2026-32645?

Gladinet Triofox Server Agent contains a denial-of-service vulnerability allowing unauthenticated remote attackers to crash the service through a NULL pointer dereference in system information…. A patch is available.

Triofox EUVD-2026-32645

| CVE-2026-8360 HIGH

NULL Pointer Dereference (CWE-476)

2026-05-27 tenable

GHSA-8h36-w88j-j75h

Denial Of Service Null Pointer Dereference

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch available

May 27, 2026 - 22:04 EUVD

Analysis Generated

May 27, 2026 - 20:53 vuln.today

DescriptionNVD

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DLLs (i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll) can return a NULL pointer (i.e., when no user is logged into the Triofox Server Agent Management Console). The returned NULL pointer is not checked before being dereferenced.

AnalysisAI

Denial of service in Gladinet Triofox lets remote unauthenticated attackers crash the Triofox Server Agent by triggering a NULL pointer dereference. The function WOSSysInfoGetDeviceInterface() in WOSCommonUtil.dll returns NULL whenever no user is logged into the Server Agent Management Console, and callers such as WOSProfileMgrModule.dll and WOSWebDavModule.dll dereference that pointer without checking it, causing a process crash. …

RemediationAI

Within 24 hours: Identify all Gladinet Triofox Server Agent instances in production and assess business-critical dependencies on those services. Within 7 days: Implement network segmentation and firewall rules restricting Triofox Server Agent connectivity to known, authorized client networks only; disable unnecessary internet exposure. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-32645 vulnerability details – vuln.today

Back

Triofox EUVD-2026-32645

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code