Remote Code Execution in Gladinet Triofox Cloud Server Agent Access Service
CVE-2026-8364

9.8CRITICAL

Key Information:

Vendor: Gladinet
Status: Triofox
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-8364?

The Gladinet Triofox Cloud Server Agent, specifically the GladServerAgentService.exe, is susceptible to exploitation due to improper handling of remote HTTP messages. It listens on TCP port 7878, allowing attackers to send specially crafted requests to specific URL paths, including /resources, /status, /sysinfo, /woshome, /Settings, /schedule, and /DavCache. This vulnerability can lead to unauthorized access and potential compromise of sensitive information within the server, necessitating immediate attention and mitigation strategies.

Affected Version(s)

Triofox 0 < 17.3.10565.57509

References

https://www.tenable.com/security/research/TRA-2026-45

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 11, 2026

CVE-2026-8364 Data

JSON