Description
A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome
Published: 2026-05-27
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack-based buffer overflow (CWE‑121) in the WOSDefaultHttpModule.dll component is triggered when the server processes a URL path that exceeds normal length requirements and begins with /woshome. This overflow can corrupt the call stack and potentially allow an attacker to execute arbitrary machine code on the host, posing a severe risk to system integrity and availability.

Affected Systems

Gladinet Triofox systems are affected. No specific version information is publicly available, so all deployed instances of Triofox should be considered at risk until a vendor fix is applied.

Risk and Exploitability

The CVSS score of 9.8 signals a critical vulnerability. There is no EPSS score available and the issue is not listed in the CISA KEV catalog, but the high magnitude of the CVSS score alone indicates a significant threat surface. The most probable attack vector is remote, via a specially crafted HTTP request containing an excessively long URL path starting with /woshome, as inferred from the description.

Generated by OpenCVE AI on May 27, 2026 at 22:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Acquire and install any Gladinet Triofox patch or update that addresses the buffer overflow in WOSDefaultHttpModule.dll as soon as one becomes available.
  • Restrict or block access to the /woshome endpoint from untrusted or external sources by configuring firewall rules or access controls, limiting the exposure to the vulnerability.
  • Deploy a web application firewall or equivalent security appliance to detect and reject overly long URLs, thereby preventing the overflow condition from being triggered.

Generated by OpenCVE AI on May 27, 2026 at 22:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 28 May 2026 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Gladinet
Gladinet triofox
Vendors & Products Gladinet
Gladinet triofox

Wed, 27 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome
Title Gladinet Triofox Stack-based Buffer Overflow in WOSDefaultHttpModule.dll
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Gladinet Triofox
cve-icon MITRE

Status: PUBLISHED

Assigner: tenable

Published:

Updated: 2026-05-28T13:27:02.062Z

Reserved: 2026-05-11T19:17:40.997Z

Link: CVE-2026-8362

cve-icon Vulnrichment

Updated: 2026-05-27T20:19:21.987Z

cve-icon NVD

Status : Deferred

Published: 2026-05-27T20:16:42.993

Modified: 2026-05-29T20:26:29.583

Link: CVE-2026-8362

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T01:30:03Z

Weaknesses