CVE-2026-8364

Vulnerability

Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache. The /resources endpoint lacks authentication, allowing an unauthenticated remote attacker to list, view, add, change, and delete files on the Triofox Drive (i.e., M:) mapped on the Server Agent host. This affects version 17.1.10488.57063 and potentially earlier versions [1].

Exploitation

An attacker with network access to the target on port 7878 can send crafted HTTP requests to the /resources endpoint. No authentication or prior user interaction is required. For example, a PROPFIND request can list directory contents, a simple GET retrieves file content, and PUT can upload arbitrary files to published shares. Some operations may trigger authenticated communications with the Triofox web portal using the credentials of the user logged into the Server Agent Management Console [1].

Impact

Successful exploitation allows the attacker to achieve arbitrary file read, write, and deletion on the Triofox Drive. This can lead to data exfiltration, malware upload, or destruction of critical files. Combined with the authenticated portal interactions, lateral movement or privilege escalation may be possible. The vulnerability is rated Critical (CVSS 9.8) due to network access, no privileges required, and high impact on confidentiality, integrity, and availability [1].

Mitigation

As of the publication date (2026-05-27), no patch or workaround has been disclosed in the available references. Affected users should restrict network access to TCP port 7878 to trusted hosts only, and monitor vendor updates for a fixed version [1].