Null Pointer Dereference Vulnerability in Triofox Server Agent Management Console
CVE-2026-8360

7.5HIGH

Key Information:

Vendor: Gladinet
Status: Triofox
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-8360?

The Triofx Server Agent Management Console is susceptible to a null pointer dereference vulnerability due to unverified function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface(). If no user is logged into the console, the function returns a NULL pointer, which is subsequently dereferenced without proper checks. This oversight poses a risk for potential crashes and service disruptions, urging users to remain vigilant and apply necessary mitigations.

Affected Version(s)

Triofox 0 < 17.3.10565.57509

References

https://www.tenable.com/security/research/TRA-2026-45

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 11, 2026

CVE-2026-8360 Data

JSON

Gladinet

What is CVE-2026-8360?

Affected Version(s)

References

CVSS V3.1

Timeline