CVE-2026-8361
Path Traversal in WOSDefaultHttpModule
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: Tenable Network Security, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gladinet | triofox_server_agent | to 17.1.10488.57063 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-23 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-8361 is a path traversal vulnerability found in the Gladinet Triofox Server Agent, specifically in the WOSDefaultHttpModule.dll component. It occurs when processing URL paths that start with /woshome. Due to insufficient path sanitization, an unauthenticated remote attacker can manipulate the URL to traverse directories on the server and access arbitrary files.
For example, an attacker can craft a malicious request like http://<target-host>:7878/woshome/../../../../../../../../../../windows/win.ini to read sensitive files such as the Windows system file win.ini.
How can this vulnerability impact me? :
This vulnerability allows an unauthenticated attacker to read sensitive files on the affected server, leading to a high impact on confidentiality. However, it does not affect the integrity or availability of the system.
An attacker could gain access to sensitive configuration or system files, which might contain information useful for further attacks or unauthorized access.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to access sensitive files on the server through crafted URL paths that exploit the path traversal flaw. For example, sending HTTP requests to URLs starting with /woshome followed by directory traversal sequences can reveal if the server is vulnerable.
- Use curl or similar tools to send a request like: curl http://<target-host>:7878/woshome/../../../../../../../../../../windows/win.ini
- Monitor network traffic for suspicious requests containing /woshome with traversal patterns (../) that attempt to access files outside the intended directory.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the Gladinet Triofox Server Agent to version 17.3.10565.57509 or later, where this vulnerability has been fixed.
Until the upgrade can be applied, restrict access to the affected service by limiting network exposure, such as firewall rules blocking external access to port 7878.
Additionally, monitor logs for suspicious path traversal attempts and consider implementing web application firewall (WAF) rules to block malicious URL patterns targeting /woshome.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows an unauthenticated remote attacker to access arbitrary files on the server, including sensitive files, due to insufficient path sanitization. Such unauthorized access to sensitive data can lead to breaches of confidentiality.
Because the vulnerability impacts confidentiality by exposing sensitive information, it could potentially lead to non-compliance with data protection regulations and standards such as GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.