HIGH | CVE-2026-8361 | CNA: tenable

CVE-2026-8361: Gladinet Triofox Path Traversal in WOSDefaultHttpModule.dll

A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome.

HarborGuard Analysis

Synopsis

A path traversal vulnerability exists in Gladinet Triofox, specifically in the WOSDefaultHttpModule.dll component when processing URL paths that begin with /woshome. The flaw is reachable over the network with no authentication or user interaction required, as reflected in the CVSS vector (AV:N/AC:L/PR:N/UI:N). Successful exploitation allows an attacker to read files outside the intended directory, disclosing sensitive data stored on the server. A patched-image rebuild at version 17.3.10565.57509 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-8361 is available across every HarborGuard environment; the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that bundle Triofox components.

Available

Triage

HarborGuard scores this CVE at 7.5 HIGH using the CVSS v3.1 vector and is capable of weighting that score against each customer environment's compliance policy to route alerts to the appropriate team inbox within the org.

Available

Patch

A patched-image rebuild at Triofox version 17.3.10565.57509 becomes available on HarborGuard the moment the fix is confirmed against the upstream advisory. For customers who opt into auto-remediation, HarborGuard rebuilds the image, runs a regression test suite, and opens a PR against affected workloads automatically.

Available

Exploit Conditions

  • Network reachability: Required

    The vulnerable component is exposed over the network; an attacker must be able to send HTTP requests to the Triofox service to trigger the path traversal.

  • Authentication: Not required

    No credentials or session token are needed; the malicious request can be sent by any unauthenticated party.

  • Victim interaction: Not required

    No user action is required; the attacker sends a crafted request directly to the service without any victim involvement.

  • Attack complexity: Detail

    Exploitation is reliable and condition-free; no race conditions, special memory layout, or environmental prerequisites are needed to trigger the vulnerability.

Blast Radius

  • An attacker reads files outside the intended web root by supplying a crafted /woshome URL path containing traversal sequences.
  • Exposed files may include configuration files, credential stores, or other sensitive server-side data depending on the deployment layout.
  • Because no authentication barrier exists, any internet-reachable Triofox instance is a viable target without prior access.
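For defenders reviewing web logs from an exposed instance, the sketch below flags requests under /woshome whose path contains a ".." segment once percent-encoding and backslashes are normalized. It is an added example, not HarborGuard or Gladinet code. The IIS W3C field layout, the sample log lines, and the file name example.config are constructed, and because the advisory does not give the exact request format, the check is the general dot-dot test rather than a signature for this CVE.

```python
from urllib.parse import unquote

PREFIX = "/woshome"      # URL prefix named in the advisory
MAX_DECODE_ROUNDS = 3    # assumption: enough to unwrap double/triple encoding

def normalize(path: str) -> str:
    """Percent-decode until stable, then unify slashes and case."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/").lower()

def is_suspicious(uri: str) -> bool:
    """True when a /woshome request path holds a '..' segment after decoding."""
    path = normalize(uri.split("?", 1)[0])
    return path.startswith(PREFIX) and ".." in path.split("/")

def scan(log_text: str) -> list:
    """Return flagged requests, reading column names from the #Fields header."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            uri = row.get("cs-uri-stem", "")
            if is_suspicious(uri):
                # A 200 on a flagged request deserves review first.
                hits.append({"ip": row.get("c-ip"), "uri": uri,
                             "status": row.get("sc-status")})
    return hits

# Constructed sample log (documentation IP ranges, placeholder file names).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2026-01-01 10:00:01 GET /woshome/index.html 198.51.100.7 200
2026-01-01 10:00:02 GET /woshome/../../example.config 203.0.113.9 200
2026-01-01 10:00:03 GET /woshome/%252e%252e%5Cexample.config 203.0.113.9 404
2026-01-01 10:00:04 GET /portal/../x 198.51.100.7 404
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Whether the server logs the stem raw or already decoded depends on the deployment; the normalizer handles both, so the same check works on reverse-proxy or WAF logs as long as the column names are adjusted.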

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-8361 is active across all connected registries and pipelines, matching any image that bundles a Gladinet Triofox version below 17.3.10565.57509. Where compliance policy permits, a rebuilt image at the fix version is prepared automatically; for customers with auto-remediation enabled, HarborGuard rebuilds the image, executes regression tests, and opens a PR against affected workloads. The median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. Customers who have not yet enabled auto-remediation can use the HarborGuard dashboard to review affected images, confirm the fix version, and trigger a manual rebuild.

Metrics

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: 17.3.10565.57509
Affected Products: 1

Fix available: 17.3.10565.57509

Affected packages
  • Gladinet / Triofox: < 17.3.10565.57509 (from 0)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N