How is CVE-2026-8364 exploited?

Network reachability (required): The attacker must reach TCP port 7878 on the host running GladServerAgentService.exe over the network; any system with network access to that port is within scope. Authentication (not-required): No credentials of any kind are required; the affected HTTP endpoints accept unauthenticated requests from any caller. Victim interaction (not-required): No user action or social engineering is needed; the attacker sends HTTP requests directly to the service without any victim involvement. Attack complexity (info): Attack complexity is low, meaning the exploit is reliable and requires no special conditions, race timing, or knowledge of the target environment beyond network access.

What is the impact of CVE-2026-8364?

Reads sensitive configuration, system information, scheduling data, and cached file paths exposed by the /sysinfo, /Settings, /schedule, and /DavCache endpoints. Modifies persisted settings and cached data via writable endpoints, enabling tampering with server behavior or stored file references. Disrupts availability of the Cloud Server Agent service, potentially taking file-sharing and sync operations offline for connected users. Combines confidentiality and integrity access to pivot further into the host or connected storage back-ends using harvested configuration secrets.

Back to search

CRITICALCVE-2026-8364Published 2026-05-27Modified 2026-05-28CNA tenable

CVE-2026-8364: Gladinet Triofox Missing Authentication for Critical Functions

Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache.

HarborGuard Analysis

HarborGuard analysis

Synopsis

Authentication bypass (missing authentication for critical functions) affects Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe). The service listens on TCP port 7878 and processes unauthenticated remote HTTP requests to several sensitive URL paths, reachable over the network with no credentials or user interaction required, as reflected in the CVSS vector (AV:N/PR:N/UI:N). Successful exploitation gives an attacker full read, write, and availability impact against the affected host. A patched-image rebuild at version 17.3.10565.57509 is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection

Detection of CVE-2026-8364 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all images in customer registries and CI/CD pipelines, including custom-built images that bundle Gladinet Triofox components. Coverage applies regardless of where the image was built or how it was tagged.

Available

Triage

HarborGuard is capable of scoring this CVE at CVSS 9.8 Critical and weighting it against each environment's compliance policy to determine urgency. Triage results are routed to the appropriate team inbox within each customer organization based on configured ownership rules.

Available

Patch

A patched-image rebuild at Triofox version 17.3.10565.57509 is available on HarborGuard for any environment running an affected version. For customers who opt into auto-remediation, HarborGuard can perform the rebuild, run a regression test suite, and open a pull request against affected workloads automatically.

Available

Exploit Conditions

Network reachabilityRequired
The attacker must reach TCP port 7878 on the host running GladServerAgentService.exe over the network; any system with network access to that port is within scope.
AuthenticationNot required
No credentials of any kind are required; the affected HTTP endpoints accept unauthenticated requests from any caller.
Victim interactionNot required
No user action or social engineering is needed; the attacker sends HTTP requests directly to the service without any victim involvement.
Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and requires no special conditions, race timing, or knowledge of the target environment beyond network access.

Blast Radius

Reads sensitive configuration, system information, scheduling data, and cached file paths exposed by the /sysinfo, /Settings, /schedule, and /DavCache endpoints.
Modifies persisted settings and cached data via writable endpoints, enabling tampering with server behavior or stored file references.
Disrupts availability of the Cloud Server Agent service, potentially taking file-sharing and sync operations offline for connected users.
Combines confidentiality and integrity access to pivot further into the host or connected storage back-ends using harvested configuration secrets.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-8364 is active as of ingestion, and a patched-image rebuild targeting Triofox 17.3.10565.57509 is ready for any environment found running an affected version. For customers who opt into auto-remediation, HarborGuard can trigger a rebuild, execute regression tests, and open a pull request against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy does not permit auto-remediation, the finding is surfaced in the triage queue with CVSS 9.8 Critical severity so teams can prioritize manual remediation. Until the patched image is deployed, network-policy isolation of TCP port 7878 (restricting access to trusted internal hosts only) is a recommended compensating control to reduce the exposed attack surface.

See how HarborGuard automates this

CVSS v3.1: 9.8
Severity: CRITICAL
Fixed in: 17.3.10565.57509
Affected Products: 1

Fix available

17.3.10565.57509

Affected packages

Gladinet / Triofox
< 17.3.10565.57509 (from 0)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

tenable.com

HarborGuard Analysis

Synopsis

HarborGuard Coverage

Exploit Conditions

Blast Radius

How HarborGuard Handles This

Metrics

Fix available