CVE-2026-8363

Vulnerability

A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing an overly long URL path that starts with /resources. The vulnerable component is part of Gladinet Triofox Server Agent version 17.1.10488.57063. The GladServerAgentService.exe listens on TCP port 7878 and accepts HTTP requests without authentication. Any URL path beginning with /resources triggers the overflow if the path length exceeds the fixed stack buffer size.

Exploitation

An unauthenticated remote attacker can send a crafted HTTP request to port 7878 with a long /resources URL. No prior authentication or user interaction is required. The attacker can leverage the overflow to overwrite the return address on the stack. By controlling the length and content of the path, the attacker can redirect execution to shellcode embedded in the request.

Impact

Successful exploitation yields arbitrary code execution under the privileges of the GladServerAgentService.exe process. This grants the attacker full control over the server agent host, including the ability to list, view, add, change, and delete files on the Triofox Drive (M:). The compromise does not require credentials, making it a critical risk for confidentiality, integrity, and availability [1].

Mitigation

As of the publication date (2026-05-27), no fixed version is mentioned in the advisory. The vendor, Gladinet, has not released a patch for version 17.1.10488.57063. Until a patch is available, administrators should restrict inbound access to TCP port 7878 to trusted networks only, or disable the service if not needed. This vulnerability is not listed on CISA KEV as of the advisory date.