CVE-2026-8361
Deferred Deferred - Pending Action
Path Traversal in WOSDefaultHttpModule

Publication date: 2026-05-27

Last updated on: 2026-05-29

Assigner: Tenable Network Security, Inc.

Description
A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-29
Generated
2026-06-17
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-8361
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gladinet triofox_server_agent to 17.1.10488.57063 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-23 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-8361 is a path traversal vulnerability found in the Gladinet Triofox Server Agent, specifically in the WOSDefaultHttpModule.dll component. It occurs when processing URL paths that start with /woshome. Due to insufficient path sanitization, an unauthenticated remote attacker can manipulate the URL to traverse directories on the server and access arbitrary files.

For example, an attacker can craft a malicious request like http://<target-host>:7878/woshome/../../../../../../../../../../windows/win.ini to read sensitive files such as the Windows system file win.ini.

Impact Analysis

This vulnerability allows an unauthenticated attacker to read sensitive files on the affected server, leading to a high impact on confidentiality. However, it does not affect the integrity or availability of the system.

An attacker could gain access to sensitive configuration or system files, which might contain information useful for further attacks or unauthorized access.

Detection Guidance

This vulnerability can be detected by attempting to access sensitive files on the server through crafted URL paths that exploit the path traversal flaw. For example, sending HTTP requests to URLs starting with /woshome followed by directory traversal sequences can reveal if the server is vulnerable.

  • Use curl or similar tools to send a request like: curl http://<target-host>:7878/woshome/../../../../../../../../../../windows/win.ini
  • Monitor network traffic for suspicious requests containing /woshome with traversal patterns (../) that attempt to access files outside the intended directory.
Mitigation Strategies

The immediate mitigation step is to upgrade the Gladinet Triofox Server Agent to version 17.3.10565.57509 or later, where this vulnerability has been fixed.

Until the upgrade can be applied, restrict access to the affected service by limiting network exposure, such as firewall rules blocking external access to port 7878.

Additionally, monitor logs for suspicious path traversal attempts and consider implementing web application firewall (WAF) rules to block malicious URL patterns targeting /woshome.

Compliance Impact

This vulnerability allows an unauthenticated remote attacker to access arbitrary files on the server, including sensitive files, due to insufficient path sanitization. Such unauthorized access to sensitive data can lead to breaches of confidentiality.

Because the vulnerability impacts confidentiality by exposing sensitive information, it could potentially lead to non-compliance with data protection regulations and standards such as GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8361. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart