Description
A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome
Published: 2026-05-27
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A path traversal flaw in WOSDefaultHttpModule.dll permits an attacker to manipulate the request path and access files outside the intended directory when the URL begins with /woshome. The vulnerability can lead to disclosure of sensitive configuration files or other data stored on the server, thereby compromising confidentiality. The flaw stems from improper validation of user‑supplied path components, which is reflected by CWE‑23.

Affected Systems

The flaw affects Gladinet Triofox deployments, specifically the WOSDefaultHttpModule.dll component. No specific version ranges are listed in the CNA data; administrators should verify whether they are running any Triofox version that includes this module.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity. Though the EPSS score is not available, the absence of a KEV listing suggests active exploitation is not yet widespread, but the nature of the attack—remote HTTP request—means it can be triggered from anywhere on the network. The likely path to exploitation is an unauthenticated HTTP request to an affected URL; if the attacker can reach the device, they can read arbitrary files. Administrators should consider the risk high due to potential for data compromise.

Generated by OpenCVE AI on May 27, 2026 at 21:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest security update for Gladinet Triofox that addresses the WOSDefaultHttpModule.dll path traversal flaw.
  • Until a patch is available, block or filter incoming requests that contain the /woshome prefix using network filters or web‑application firewalls.
  • Configure the web server or file system permissions to prevent the traversal of parent directories from the exposed web root.
  • Continuously monitor web application logs for attempts to access disallowed paths and investigate any anomalies.

Generated by OpenCVE AI on May 27, 2026 at 21:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Gladinet
Gladinet triofox
Vendors & Products Gladinet
Gladinet triofox

Wed, 27 May 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 27 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome
Title Gladinet Triofox Path Traversal in WOSDefaultHttpModule.dll
Weaknesses CWE-23
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Gladinet Triofox
cve-icon MITRE

Status: PUBLISHED

Assigner: tenable

Published:

Updated: 2026-05-27T20:24:45.910Z

Reserved: 2026-05-11T19:17:39.846Z

Link: CVE-2026-8361

cve-icon Vulnrichment

Updated: 2026-05-27T20:24:37.319Z

cve-icon NVD

Status : Received

Published: 2026-05-27T20:16:42.853

Modified: 2026-05-27T21:16:19.493

Link: CVE-2026-8361

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T02:00:04Z

Weaknesses