CVE-2026-8359: Gladinet Triofox WOSHttpStatusModule.dll NULL Function Pointer Call DoS
When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBin_LoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not present in the installation. As a result, a function pointer to WOSBin_LoadHttpModule (which would have been in the export table in WOSHttpStatusModule.dll) is set to NULL, resulting in calling a function at address 0.
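The missing check described above, shown as an added example in portable C; it is not Triofox code. The `module_entry_fn` signature, the `resolve_entry` stand-in for LoadLibrary plus GetProcAddress, the `ExampleCoreModule.dll` name and the use of HTTP status codes as return values are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed entry-point signature; the page does not give the real prototype. */
typedef int (*module_entry_fn)(const char *url);

struct route { const char *prefix; const char *dll; module_entry_fn entry; };

static int core_entry(const char *url) { (void)url; return 200; }

/* Stand-in for LoadLibrary + GetProcAddress: NULL when the DLL is not installed. */
static module_entry_fn resolve_entry(const char *dll) {
    return strcmp(dll, "ExampleCoreModule.dll") == 0 ? core_entry : NULL;
}

static struct route routes[] = {
    { "/status",  "WOSHttpStatusModule.dll", NULL },
    { "/sysinfo", "WOSHttpStatusModule.dll", NULL },
    { "/",        "ExampleCoreModule.dll",   NULL }, /* constructed catch-all, kept last */
};
enum { NROUTES = sizeof routes / sizeof routes[0] };

/* Resolve every entry point once and return how many failed, so startup can log or refuse to serve. */
int init_routes(void) {
    int missing = 0;
    for (int i = 0; i < NROUTES; i++) {
        routes[i].entry = resolve_entry(routes[i].dll);
        if (routes[i].entry == NULL) missing++;
    }
    return missing;
}

/* Hardened dispatch: an unresolved pointer becomes a 503 instead of a call
   to address 0. The flawed form is this function without the NULL test. */
int dispatch(const char *url) {
    for (int i = 0; i < NROUTES; i++) {
        if (strncmp(url, routes[i].prefix, strlen(routes[i].prefix)) != 0)
            continue;
        if (routes[i].entry == NULL) return 503;
        return routes[i].entry(url);
    }
    return 404;
}

int main(void) {
    int missing = init_routes();
    printf("unresolved=%d /status=%d /files=%d\n", missing, dispatch("/status"), dispatch("/files"));
    return 0;
}
```

The count returned by `init_routes` gives a deployment check a way to catch the absent module at startup rather than on the first request.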
HarborGuard Analysis
Synopsis
A NULL function pointer dereference in Gladinet Triofox causes the server to crash when handling certain URL paths. The vulnerability is reachable over the network without any authentication or user interaction: an attacker sends a crafted HTTP request to a path starting with /status or /sysinfo, which triggers the server to call a function pointer set to NULL because WOSHttpStatusModule.dll is absent from the installation. Successful exploitation crashes the affected Triofox service, causing a denial of service. A patched-image rebuild at version 17.3.10565.57509 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection of CVE-2026-8359 is available across every HarborGuard environment: the CVE is ingested from upstream feeds, including Tenable advisories, within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images that bundle Triofox components. Coverage applies to images built internally by customers, not only official distribution images.
Triage is available with CVSS v3.1 scoring at 7.5 (HIGH), surfaced automatically for any image match. Per-environment compliance policy weighting is applied to prioritize the finding within each customer org, and routing to the correct team inbox is available based on each organization's configured ownership rules.
A patched-image rebuild targeting Gladinet Triofox 17.3.10565.57509 is available on HarborGuard for any environment where an affected version is detected. For customers who opt into auto-remediation, HarborGuard is capable of performing the rebuild, running a regression test suite against the new image, and opening a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
The attacker must reach the Triofox HTTP service over the network and send a request to a /status or /sysinfo path to trigger the crash.
- Authentication: Not required
No credentials or account are needed; the vulnerable code path is reachable by any unauthenticated HTTP request to the affected URL patterns.
- Victim interaction: Not required
No user action is required; the attacker triggers the crash by sending the request directly to the server.
- Attack complexity
Attack complexity is low: the exploit is reliable and condition-free, requiring only a single well-formed HTTP request with no race conditions or environmental dependencies.
Blast Radius
- The Triofox server process crashes upon receiving a request to /status or /sysinfo, terminating service availability for all connected users.
- No data is read or exfiltrated during exploitation; confidentiality and integrity of stored data are unaffected.
- Repeated requests allow an attacker to keep the service in a crashed or restart loop, sustaining the denial of service indefinitely.
- All clients relying on the Triofox file-sharing service lose access for the duration of the outage.
How HarborGuard Handles This
Available on HarborGuard: detection fires within minutes of CVE publication for any image containing an affected Triofox version, with CVSS 7.5 HIGH severity surfaced automatically. For customers who opt into auto-remediation, HarborGuard is capable of rebuilding the affected image at the fixed version 17.3.10565.57509, running a regression test pass, and opening a pull request against affected workloads; for HIGH-severity issues, median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where auto-remediation is not enabled, the rebuilt image is available for manual promotion through the normal review and deploy workflow. Network-policy isolation of the Triofox service (restricting inbound HTTP access to known source CIDRs) is a viable compensating control to reduce exposure until the patched image is deployed.
Metrics
- CVSS v3.1: 7.5
- Severity: HIGH
- Fixed in: 17.3.10565.57509
- Affected Products: 1
  - Gladinet / Triofox < 17.3.10565.57509 (from 0), fix available
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H