CVE-2026-8363 - Vulnerability Details - OpenCVE

A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation poc

Automatable yes

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Gladinet

Triofox

unaffected

Version	Status	Constraints
`0`	affected	< 17.3.10565.57509

No data.

No data.

No data.

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.tenable.com/security/research/TRA-2026-45

History

Wed, 27 May 2026 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 27 May 2026 20:15:00 +0000

Type	Values Removed	Values Added
Description		A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:
Title		Gladinet Triofox Stack-based Buffer Overflow in WOSDeviceDropFolder.dll
Weaknesses		CWE-121
References		https://www.tenable.com/security/research/TRA-2026-45
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2026-05-27T19:40:33.139Z

Updated: 2026-05-27T20:25:06.046Z

Reserved: 2026-05-11T19:17:41.665Z

Link: CVE-2026-8363

Vulnrichment

Updated: 2026-05-27T20:21:24.606Z

NVD

Status : Received

Published: 2026-05-27T20:16:43.190

Modified: 2026-05-27T21:16:19.597

Link: CVE-2026-8363

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-121

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-8363", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "state": "PUBLISHED", "assignerShortName": "tenable", "dateReserved": "2026-05-11T19:17:41.665Z", "datePublished": "2026-05-27T19:40:33.139Z", "dateUpdated": "2026-05-27T20:25:06.046Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2026-05-27T19:50:01.823Z"}, "title": "Gladinet Triofox Stack-based Buffer Overflow in WOSDeviceDropFolder.dll", "datePublic": "2026-05-27T20:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-121", "description": "CWE-121 Stack-based buffer overflow", "type": "CWE"}]}], "affected": [{"vendor": "Gladinet", "product": "Triofox", "versions": [{"status": "affected", "version": "0", "lessThan": "17.3.10565.57509", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:"}]}], "references": [{"url": "https://www.tenable.com/security/research/TRA-2026-45"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"references": [{"url": "https://www.tenable.com/security/research/TRA-2026-45", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-27T20:21:21.933919Z", "id": "CVE-2026-8363", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-27T20:25:06.046Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-8363", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-27T20:21:21.933919Z"}}}], "references": [{"url": "https://www.tenable.com/security/research/TRA-2026-45", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-27T20:21:24.606Z"}}], "cna": {"title": "Gladinet Triofox Stack-based Buffer Overflow in WOSDeviceDropFolder.dll", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Gladinet", "product": "Triofox", "versions": [{"status": "affected", "version": "0", "lessThan": "17.3.10565.57509", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-05-27T20:00:00.000Z", "references": [{"url": "https://www.tenable.com/security/research/TRA-2026-45"}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:", "supportingMedia": [{"type": "text/html", "value": "A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based buffer overflow"}]}], "providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2026-05-27T19:50:01.823Z"}}}, "cveMetadata": {"cveId": "CVE-2026-8363", "state": "PUBLISHED", "dateUpdated": "2026-05-27T20:25:06.046Z", "dateReserved": "2026-05-11T19:17:41.665Z", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "datePublished": "2026-05-27T19:40:33.139Z", "assignerShortName": "tenable"}, "dataVersion": "5.2"}