CVE-2026-8362

Vulnerability

A stack-based buffer overflow exists in WOSDefaultHttpModule.dll within Gladinet Triofox Server Agent version 17.1.10488.57063. The vulnerability is triggered when the service processes an HTTP request with an overly long URL path that begins with /woshome. The service listens on TCP port 7878 and accepts unauthenticated HTTP messages, making the code path reachable without any prior authentication [1].

Exploitation

An unauthenticated remote attacker can send a specially crafted HTTP request to the target server on port 7878, providing a long URL path starting with /woshome. The oversized input overflows a fixed-size stack buffer in WOSDefaultHttpModule.dll, potentially overwriting critical control data. No user interaction or special network position is required beyond network access to the service [1].

Impact

Successful exploitation allows the attacker to achieve arbitrary code execution in the context of the Gladinet Triofox Server Agent service. Given the critical CVSS score of 9.8, the impact is complete compromise of confidentiality, integrity, and availability of the affected system [1].

Mitigation

As of the publication date (2026-05-27), no official patch or workaround has been disclosed in the available reference. Users should monitor vendor advisories for an updated version that addresses this vulnerability. The affected version 17.1.10488.57063 is the only confirmed vulnerable build [1].