PatchSiren

CVE-2026-8359 Gladinet CVE debrief

A NULL pointer dereference vulnerability exists in an unspecified product's HTTP request handling. When processing requests to URL paths beginning with `/status` or `/sysinfo`, the application attempts to load `WOSHttpStatusModule.dll` and call its `WOSBin_LoadHttpModule` export function. Because the DLL is not present in the installation, the function pointer remains NULL, leading to a call at address 0 and subsequent denial of service. The vulnerability is remotely exploitable without authentication and has been assigned a CVSS 3.1 score of 7.5 (HIGH). Tenable published technical research on this issue on May 27, 2026.

Vendor: Gladinet
Product: Triofox
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

System administrators managing web applications or embedded HTTP servers; security teams responsible for availability protection; developers working with modular HTTP handler architectures

Technical summary

The vulnerability stems from improper handling of a missing dynamic-link library during HTTP request processing. The application code attempts to dynamically load `WOSHttpStatusModule.dll` and retrieve the address of `WOSBin_LoadHttpModule` from its export table. When the DLL is absent, the load operation fails but the code proceeds to call the resulting NULL function pointer. This causes an access violation at address 0x00000000, typically resulting in process termination. The affected URL patterns (`/status` and `/sysinfo`) suggest this is intended to be administrative or diagnostic functionality that was not properly secured or validated during deployment.
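The missing check described above, shown as an added example in C that is not the vendor's code: the export pointer is tested before the call, and the request fails closed with a 503 when the module cannot be resolved. The export's prototype, the `handle_request` dispatcher and the status codes are assumptions; the non-Windows branch simply models the DLL being absent.

```c
#include <stddef.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Assumed prototype: the page names the export but not its signature. */
typedef int (*load_http_module_fn)(const char *url_path);

/* Resolve the export. Returns NULL when the DLL or the symbol is missing. */
static load_http_module_fn resolve_status_module(void)
{
#ifdef _WIN32
    HMODULE mod = LoadLibraryA("WOSHttpStatusModule.dll");
    if (mod == NULL)
        return NULL;                /* DLL not present in the installation */
    return (load_http_module_fn)GetProcAddress(mod, "WOSBin_LoadHttpModule");
#else
    return NULL;                    /* models the absent DLL on other platforms */
#endif
}

static int has_prefix(const char *s, const char *prefix)
{
    return strncmp(s, prefix, strlen(prefix)) == 0;
}

/* Hypothetical dispatcher: returns the HTTP status code to send back. */
int handle_request(const char *url_path)
{
    if (url_path == NULL)
        return 400;
    if (!has_prefix(url_path, "/status") && !has_prefix(url_path, "/sysinfo"))
        return 404;                 /* not a module-backed route in this sketch */

    load_http_module_fn entry = resolve_status_module();
    if (entry == NULL)
        return 503;                 /* the guard the flawed path lacks: no call through NULL */
    return entry(url_path);
}
```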

Defensive priority

HIGH

Recommended defensive actions

  • Identify systems that process HTTP requests to paths starting with `/status` or `/sysinfo` and verify whether `WOSHttpStatusModule.dll` is present in the installation directory.
  • Apply vendor patches when available, or implement request filtering to block access to the `/status` and `/sysinfo` endpoints at the network perimeter if the functionality is not required.
  • Monitor application crash logs and system event logs for unexpected process terminations that may indicate exploitation attempts.
  • Review application configuration to disable or remove references to `WOSHttpStatusModule` if the status/sysinfo functionality is not needed.
  • Implement defense-in-depth controls such as Web Application Firewalls (WAFs) with rules to detect and block requests to vulnerable URL patterns.

Evidence notes

The vulnerability description indicates missing DLL handling in HTTP module loading. The CWE-476 (NULL Pointer Dereference) classification from Tenable's research supports this technical analysis. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) confirms network accessibility without authentication requirements.
