CVE-2026-8364
Remote Code Execution in Gladinet Triofox Cloud Server Agent
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: Tenable Network Security, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gladinet | triofox_cloud_server_agent | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe), which listens on TCP port 7878 and processes remote HTTP messages with specific URL paths such as /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache.
Given the high CVSS score of 9.8 with network attack vector, low attack complexity, no privileges or user interaction required, and impacts on confidentiality, integrity, and availability, this suggests a critical remote code execution or similar severe vulnerability allowing an attacker to fully compromise the service remotely.
How can this vulnerability impact me? :
This vulnerability can have a severe impact as it allows an attacker to remotely exploit the Gladinet Triofox Cloud Server Agent Access Service without any privileges or user interaction.
- Complete compromise of confidentiality, allowing unauthorized access to sensitive data.
- Complete compromise of integrity, enabling attackers to modify or corrupt data.
- Complete compromise of availability, potentially causing denial of service or disruption of the service.