CVE-2026-8359
BaseFortify
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: Tenable Network Security, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs when a request is processed with a URL path starting with /status or /sysinfo. The system attempts to load a module called WOSHttpStatusModule.dll to handle these URL patterns. However, this DLL is missing from the installation. Because of this, the function pointer to WOSBin_LoadHttpModule, which should be in the DLL's export table, is set to NULL. This leads to the system attempting to call a function at address 0, which is invalid.
How can this vulnerability impact me? :
The vulnerability has a CVSS v3.1 base score of 7.5 with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it can be exploited remotely without privileges or user interaction and results in a high impact on availability. Specifically, since the function pointer is NULL and a call is made to address 0, this can cause a denial of service by crashing the application or service handling the requests.