VYPR
High severity 7.5 · NVD Advisory · Published May 27, 2026 · Updated May 27, 2026

CVE-2026-8361

Description

A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A path traversal in Gladinet Triofox Server Agent 17.1.10488.57063 lets unauthenticated attackers read and write arbitrary files via the /woshome endpoint.

Vulnerability

A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome. This DLL is part of the Gladinet Triofox Server Agent Access Service (GladServerAgentService.exe) which listens on TCP port 7878. The vulnerability affects version 17.1.10488.57063 and possibly earlier builds. The code path is reachable without authentication; the attacker only needs network access to port 7878.

Exploitation

An unauthenticated remote attacker can send crafted HTTP requests to the /woshome resource with path traversal sequences (e.g., ../) to escape the intended web root directory. No prior authentication or user interaction is required. The Tenable research advisory [1] notes that the same service also exposes other endpoints such as /resources that allow file listing and modification; however, the traversal in /woshome specifically allows access to files outside the service's designated base folder.

Impact

Successful exploitation allows an attacker to read arbitrary files from the server filesystem, potentially including configuration files with credentials, and, if writes by the server process are possible, to write or delete arbitrary files. This can lead to full server compromise, depending on the privilege level of the service account running the Access Service. The CIA impact is high: confidentiality (file disclosure), integrity (file modification/deletion), and availability (potential denial by deleting critical files).

Mitigation

Gladinet has not yet released a public patch for this vulnerability as of the publication date. Tenable recommends restricting network access to port 7878 to trusted internal hosts only. If the Triofox Server Agent is not required to be remotely accessible, the service should be disabled or firewalled off from the internet. No known KEV listing exists at this time. Users should monitor vendor updates for a fixed version.
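While no fixed version is available, request logs can be reviewed for traversal attempts against /woshome. The following is an added example, not part of the advisory or of any vendor tooling; it assumes requests to port 7878 are recorded in Combined Log Format (for instance by a proxy in front of the service), and the log lines, addresses and file names are constructed.

```python
import re
from urllib.parse import unquote

# Combined Log Format: source, ..., "METHOD target HTTP/x.y" status (assumed format)
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def normalise(path, max_rounds=3):
    """Percent-decode repeatedly (catches double encoding) and unify separators."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def is_woshome_traversal(target):
    """True if the path starts with /woshome and contains a '..' path segment."""
    path = normalise(target.split("?", 1)[0])
    if not path.lower().startswith("/woshome"):
        return False
    # Compare whole segments so names such as 'notes..txt' are not flagged.
    return ".." in path.split("/")

def scan(lines):
    """Return (source, method, target, status) for every suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_woshome_traversal(m["target"]):
            hits.append((m["src"], m["method"], m["target"], int(m["status"])))
    return hits

# Constructed sample lines (documentation IP ranges, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/May/2026:10:00:01 +0000] "GET /woshome/index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [27/May/2026:10:00:05 +0000] "GET /woshome/../../placeholder.txt HTTP/1.1" 200 1337',
    '198.51.100.7 - - [27/May/2026:10:00:09 +0000] "PUT /woshome/%2e%2e%5cplaceholder.txt HTTP/1.1" 201 0',
    '192.0.2.10 - - [27/May/2026:10:00:12 +0000] "GET /resources/..hidden/file HTTP/1.1" 404 0',
    '192.0.2.10 - - [27/May/2026:10:00:15 +0000] "GET /woshome/notes..txt HTTP/1.1" 200 20',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with a 2xx status from a host outside the trusted internal range is the case to triage first, since the advisory states the path is reachable without authentication.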

[1]: https://www.tenable.com/security/research/TRA-2026-45

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
