PatchSiren cyber security CVE debrief
CVE-2026-8361 Gladinet CVE debrief
A path traversal vulnerability in WOSDefaultHttpModule.dll allows unauthenticated remote attackers to read arbitrary files via a URL path beginning with /woshome. The vulnerability carries a HIGH severity CVSS 3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating network-accessible exploitation with low complexity, no privileges required, and high confidentiality impact. The affected component appears to be a Windows-based HTTP module, though the specific vendor and product remain unconfirmed in available sources. The vulnerability was disclosed via Tenable security research (TRA-2026-45) and entered into NVD on 2026-05-27. No known exploitation in ransomware campaigns has been reported, and the vulnerability is not listed in CISA KEV.
- Vendor
- Gladinet
- Product
- Triofox
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-27
- Original CVE updated
- 2026-05-27
- Advisory published
- 2026-05-27
- Advisory updated
- 2026-05-27
Who should care
Organizations running web servers with WOSDefaultHttpModule.dll loaded; security teams monitoring for path traversal attacks; incident responders investigating suspicious file access from web server contexts
Technical summary
The vulnerability exists in WOSDefaultHttpModule.dll when processing URL paths that begin with /woshome. An unauthenticated remote attacker can exploit this path traversal weakness to access files outside the intended directory structure. The CVSS vector indicates the attack is network-accessible, requires no user interaction, and no authentication, with high impact to confidentiality but no integrity or availability impact. The specific traversal sequence and root cause within the module are not detailed in available sources.
Defensive priority
HIGH
Recommended defensive actions
- Identify systems running WOSDefaultHttpModule.dll or responding to /woshome URL paths
- Review web server configurations for unexpected HTTP modules
- Apply vendor patches when available; consider temporary URL filtering or WAF rules for /woshome patterns if exploitation is confirmed
- Monitor for anomalous file access attempts from web server processes
- Validate file system permissions to limit impact of successful traversal attempts
Evidence notes
Vulnerability description and CVSS vector sourced from NVD record. Tenable research reference identified as primary disclosure source. Vendor attribution marked as low confidence requiring review—'Unknown Vendor' with candidate reference to Tenable as reporting entity, not necessarily affected vendor. CPE criteria absent from source record. CWE-23 (Relative Path Traversal) identified as weakness classification.
Official resources
-
CVE-2026-8361 CVE record
CVE.org
-
CVE-2026-8361 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
2026-05-27