CVE-2026-8362: Gladinet Triofox Stack-based Buffer Overflow in WOSDefaultHttpModule.dll
A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome.
HarborGuard Analysis
Synopsis
A stack-based buffer overflow exists in WOSDefaultHttpModule.dll, a component of Gladinet Triofox, triggered by sending a crafted HTTP request with an oversized URL path beginning with /woshome. The vulnerability is reachable over the network without any authentication or user interaction, based on the CVSS vector (AV:N/AC:L/PR:N/UI:N). Successful exploitation gives an attacker full read, write, and availability impact on the affected system, including the ability to execute arbitrary code. A patched-image rebuild at version 17.3.10565.57509 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection of CVE-2026-8362 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of publication from upstream advisory feeds, including custom-built images that bundle Gladinet Triofox. Coverage extends to both registry scans and active CI/CD pipeline checks.
Available
HarborGuard is capable of scoring this CVE at CVSS 9.8 Critical and surfacing it with per-environment compliance policy weighting, so findings are routed to the appropriate team inbox inside each customer organization based on configured severity thresholds and workload ownership rules.
Available
A patched-image rebuild at Gladinet Triofox version 17.3.10565.57509 is available on HarborGuard for any environment where an affected image is detected. For customers who opt into auto-remediation, HarborGuard can perform the rebuild, run regression tests, and open a pull request against affected workloads automatically.
Available
Exploit Conditions
- Network reachability: Required
The attacker must reach the Triofox service over the network; no local access or physical proximity is needed.
- Authentication: Not required
No credentials or account of any privilege level are needed to trigger the overflow.
- Victim interaction: Not required
The attacker sends a crafted HTTP request directly to the service; no user action is required.
- Attack complexity: Detail
Attack complexity is low, meaning the exploit is reliable and requires no special environmental conditions, race timing, or memory-layout knowledge.
Blast Radius
- An attacker can read any data accessible to the Triofox service process, including stored credentials, session tokens, and file content.
- An attacker can write or modify data handled by the service, including file system objects and configuration state.
- An attacker can crash the Triofox service or, more likely given the overflow class, execute arbitrary code with the privileges of the running process.
- If the Triofox process runs with elevated or SYSTEM-level privileges, full host compromise is within scope of a successful exploit.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-8362 activates within minutes of CVE publication and matches against all customer images, including custom-built images bundling Gladinet Triofox. Given the Critical severity and unauthenticated network vector, this CVE is prioritized at the top of the triage queue under standard HarborGuard compliance policies. Where compliance policy permits auto-remediation, HarborGuard can rebuild affected images at the patched version 17.3.10565.57509, run a regression test suite, and open a pull request against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes for environments with auto-remediation enabled. For teams not yet on auto-remediation, HarborGuard surfaces the finding immediately so engineers can manually trigger the rebuild or apply network-policy controls (such as restricting inbound access to the /woshome path at the ingress layer) as a compensating control until the upgrade is complete.
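While the /woshome ingress restriction is in place as a compensating control, access logs can be triaged for requests matching the condition described above. The following is an added example, not HarborGuard or Gladinet code; the common-log-format layout, the 1024-character threshold, the function name and the sample lines are assumptions constructed for illustration, since the advisory states no overflow length.

```python
import re
from urllib.parse import unquote

# Assumption: the advisory states no overflow length. Set this just above the
# longest legitimate /woshome path seen in your own traffic.
MAX_PATH_LEN = 1024

# Source address, request target and status from a common-log-format line.
LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')


def oversized_woshome(lines, max_len=MAX_PATH_LEN):
    """Return (source, status, path_length) for each oversized /woshome request."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        src, target, status = m.groups()
        raw_path = target.split("?", 1)[0]  # the advisory concerns the URL path only
        decoded = unquote(raw_path)         # also catch percent-encoded prefixes
        # Case-insensitive prefix match, chosen to be conservative.
        if not decoded.lower().startswith("/woshome"):
            continue
        length = max(len(raw_path), len(decoded))
        if length > max_len:
            hits.append((src, int(status), length))
    return hits


# Constructed sample log lines (documentation addresses, filler paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jun/2026:10:00:00 +0000] "GET /woshome/sample HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jun/2026:10:00:05 +0000] "GET /woshome/' + "A" * 4000 + ' HTTP/1.1" 500 0',
    '203.0.113.9 - - [01/Jun/2026:10:00:09 +0000] "GET /WosHome%2F' + "B" * 2000 + '?x=1 HTTP/1.1" 502 0',
    '198.51.100.7 - - [01/Jun/2026:10:00:12 +0000] "GET /portal/' + "C" * 3000 + ' HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for src, status, length in oversized_woshome(SAMPLE_LOG):
        print(f"{src} status={status} path_len={length}")
```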
Metrics
- CVSS v3.1: 9.8
- Severity: CRITICAL
- Fixed in: 17.3.10565.57509
- Affected Products: 1
Fix available
- Gladinet / Triofox < 17.3.10565.57509 (from 0)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H