HIGH | CVE-2026-8360 | CNA: tenable

CVE-2026-8360: Gladinet Triofox Unchecked Return Value to NULL Pointer Dereference DOS

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DLLs (i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll) can return a NULL pointer (i.e., when no user is logged into the Triofox Server Agent Management Console). The returned NULL pointer is not checked before being dereferenced.
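
The unchecked-return pattern described above, next to a checked version, as an added example that is not Gladinet's code. `get_device_interface()`, `device_interface`, `set_console_login()` and the status codes are hypothetical stand-ins, not the real `WOSSysInfoGetDeviceInterface()` signature.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins (assumptions): not the real WOSCommonUtil.dll API. */
typedef struct { const char *device_id; } device_interface;
enum { REQ_OK = 0, REQ_BAD_ARG = 400, REQ_UNAVAILABLE = 503 };

static device_interface g_iface = { "constructed-device-01" }; /* constructed */
static int g_console_user_logged_in = 0;

void set_console_login(int logged_in) { g_console_user_logged_in = logged_in; }

/* Models a lookup that legitimately returns NULL when nobody is logged in. */
static device_interface *get_device_interface(void) {
    return g_console_user_logged_in ? &g_iface : NULL;
}

/* Unchecked pattern: the return value is used without validation, so a
   request arriving while no user is logged in crashes the whole process. */
int handle_request_unchecked(char *out, size_t out_len) {
    device_interface *di = get_device_interface();
    strncpy(out, di->device_id, out_len - 1);   /* NULL dereference when di == NULL */
    out[out_len - 1] = '\0';
    return REQ_OK;
}

/* Checked pattern: a NULL result fails this one request, not the service. */
int handle_request_checked(char *out, size_t out_len) {
    if (out == NULL || out_len == 0) return REQ_BAD_ARG;
    out[0] = '\0';
    device_interface *di = get_device_interface();
    if (di == NULL || di->device_id == NULL) return REQ_UNAVAILABLE;
    strncpy(out, di->device_id, out_len - 1);
    out[out_len - 1] = '\0';
    return REQ_OK;
}

int main(void) {
    char buf[32];
    set_console_login(0);   /* the state the advisory describes */
    printf("no console user: status %d\n", handle_request_checked(buf, sizeof buf));
    set_console_login(1);
    printf("console user:    status %d (%s)\n", handle_request_checked(buf, sizeof buf), buf);
    return 0;
}
```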

HarborGuard Analysis

Synopsis

A NULL pointer dereference vulnerability affects Gladinet Triofox, a file-sharing and remote access server product. The flaw is reachable over the network without any authentication or user interaction, triggered when function calls inside WOSCommonUtil.dll return a NULL pointer that is subsequently dereferenced without a validity check. Successful exploitation crashes the Triofox service, causing a denial of service. A patched-image rebuild at version 17.3.10565.57509 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-8360 is available across every HarborGuard environment, with ingestion from upstream advisory feeds occurring within minutes of publication and matching performed against all customer registry images and CI/CD pipeline images, including internally built custom images. Any image containing a Triofox installation below version 17.3.10565.57509 is flagged automatically.

Status: Available

Triage

HarborGuard scores this CVE at 7.5 HIGH using the published CVSS v3.1 vector and weights it against each customer environment's compliance policy to determine priority and routing. Findings are directed to the appropriate team inbox within each customer organization based on image ownership and policy configuration.

Status: Available

Patch

A patched-image rebuild pinned to Triofox version 17.3.10565.57509 becomes available on HarborGuard once an affected image is detected. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads automatically.

Status: Available

Exploit Conditions

  • Network reachability: Required

    The vulnerable code path is exposed over the network, so an attacker must be able to reach the Triofox service on its listening port.

  • Authentication: Not required

    No credentials or session token are needed; the NULL dereference can be triggered by an unauthenticated request when no user is logged into the Triofox Server Agent Management Console.

  • Victim interaction: Not required

    No user action is required; the attacker sends a crafted request directly to the service without any social-engineering step.

  • Attack complexity: Detail

    Attack complexity is low, meaning the exploit is reliable and requires no special environmental conditions, race conditions, or memory layout knowledge.

Blast Radius

  • Crashes the Triofox server process, taking the file-sharing and remote-access service offline for all connected users.
  • Repeated requests can keep the service unavailable indefinitely, effectively acting as a sustained denial-of-service attack.
  • No confidential data is read and no stored data is modified; impact is limited to availability of the Triofox service.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-8360 is active across all connected registries and pipelines, matching any image that carries a vulnerable Triofox installation below 17.3.10565.57509. Given the HIGH severity rating and the zero-authentication network attack surface, this CVE is routed at elevated priority within each environment's compliance policy. A patched-image rebuild at version 17.3.10565.57509 is available; for customers who opt into auto-remediation, HarborGuard performs the rebuild, runs regression tests, and opens a pull request against affected workloads, with a median time from CVE publication to merged patch PR of around 90 minutes for high-severity issues in environments with auto-remediation enabled. Customers who manage remediation manually can pull the flagged finding directly from their HarborGuard dashboard and apply the upstream fix at their own change-control cadence.

Metrics

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: 17.3.10565.57509
Affected Products: 1

Fix available: 17.3.10565.57509

Affected packages
  • Gladinet / Triofox
    < 17.3.10565.57509 (from 0)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H