Description
A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:
Published: 2026-05-27
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack-based buffer overflow condition exists in the WOSDeviceDropFolder.dll component of Gladinet Triofox. The vulnerability is triggered when the component processes a long URL path that begins with "/resources". If exploited, an attacker could overwrite the stack and potentially execute arbitrary code, leading to full compromise of the device or a crash of the service. The flaw is a classic stack corruption scenario classified as CWE-121.

Affected Systems

The vulnerability affects the Gladinet Triofox product. No specific version information is provided, so all instances of Triofox that include the affected DLL are potentially impacted.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical severity level. The EPSS score listed for this entry is < 1% (Very Low), and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a remote web request to the device using an excessively long path under "/resources", which would trigger the failure in the local processing of the request.

Generated by OpenCVE AI on May 27, 2026 at 21:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch or upgrade for the Gladinet Triofox product if available from the vendor.
  • If a patch is not yet released, configure the web server or device to reject HTTP requests that contain resource paths exceeding a safe length, effectively preventing the buffer overflow.
  • If the "/resources" endpoint is unused, disable or restrict access to it to eliminate the attack surface.
  • Monitor the device logs for repeated crash or abnormal behavior that may indicate exploitation attempts.
  • Ensure that any code that processes URLs performs bounds checking on path lengths before using them.
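
One way to apply the bounds-checking recommendation above, as an added example that is not Triofox code and not part of the original entry: a C routine that length-checks the portion of a request path after "/resources" before copying it into a fixed stack buffer. The function names, status codes and the 260-byte buffer size are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed values for illustration; not taken from WOSDeviceDropFolder.dll. */
#define RES_PREFIX   "/resources"
#define PATH_BUF_LEN 260

enum path_status { PATH_OK, PATH_NOT_RESOURCES, PATH_TOO_LONG, PATH_BAD_ARG };

/*
 * Copy the part of url_path that follows "/resources" into out.
 * The source is scanned for at most out_len bytes, so an over-long
 * path is rejected before any byte is written past the buffer.
 */
enum path_status copy_resource_subpath(const char *url_path,
                                       char *out, size_t out_len)
{
    const size_t prefix_len = sizeof(RES_PREFIX) - 1;
    size_t n = 0;

    if (url_path == NULL || out == NULL || out_len == 0)
        return PATH_BAD_ARG;
    out[0] = '\0';                      /* never leave out uninitialised */
    if (strncmp(url_path, RES_PREFIX, prefix_len) != 0)
        return PATH_NOT_RESOURCES;

    const char *sub = url_path + prefix_len;
    while (n < out_len && sub[n] != '\0')
        n++;
    if (n == out_len)                   /* no room left for the NUL */
        return PATH_TOO_LONG;
    memcpy(out, sub, n + 1);            /* n + 1 <= out_len, includes NUL */
    return PATH_OK;
}

/* Handler-shaped caller: maps the result to an HTTP status code. */
int handle_request(const char *url_path)
{
    char local[PATH_BUF_LEN];           /* fixed-size stack buffer */

    switch (copy_resource_subpath(url_path, local, sizeof local)) {
    case PATH_OK:       return 200;     /* local now holds a bounded copy */
    case PATH_TOO_LONG: return 414;     /* URI Too Long */
    default:            return 404;
    }
}
```

Rejecting the request with 414 before the copy is the same control the second recommendation asks of a front-end web server; doing it in the handler as well keeps the check in place if the proxy rule is bypassed or removed.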

Advisories

No advisories yet.

History

Thu, 28 May 2026 02:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Gladinet; Gladinet triofox
Vendors & Products | | Gladinet; Gladinet triofox

Wed, 27 May 2026 21:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 27 May 2026 20:15:00 +0000

Type | Values Removed | Values Added
Description | | A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:
Title | | Gladinet Triofox Stack-based Buffer Overflow in WOSDeviceDropFolder.dll
Weaknesses | | CWE-121
References | |
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: tenable

Published:

Updated: 2026-05-28T03:56:00.635Z

Reserved: 2026-05-11T19:17:41.665Z

Link: CVE-2026-8363

Vulnrichment

Updated: 2026-05-27T20:21:24.606Z

NVD

Status: Received

Published: 2026-05-27T20:16:43.190

Modified: 2026-05-27T21:16:19.597

Link: CVE-2026-8363

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-28T02:00:04Z
