PatchSiren cyber security CVE debrief
CVE-2026-8362 Gladinet CVE debrief
A critical stack-based buffer overflow vulnerability exists in WOSDefaultHttpModule.dll when processing long URL paths beginning with /woshome. The vulnerability, published to NVD on 2026-05-27, carries a CVSS 3.1 score of 9.8 (Critical) with network attack vector, low complexity, and no required privileges or user interaction. The affected component appears to be a web server module handling HTTP requests, where insufficient bounds checking on URL path length leads to stack corruption. The CWE-121 classification indicates classic stack buffer overflow conditions exploitable for code execution. Tenable has published research on this vulnerability. Vendor identification remains uncertain with low confidence—attribution to 'Unknown Vendor' requires review. No KEV listing or known ransomware campaign use has been identified. Organizations should prioritize patching given the critical severity and remote exploitability without authentication.
- Vendor
- Gladinet
- Product
- Triofox
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-27
- Original CVE updated
- 2026-05-28
- Advisory published
- 2026-05-27
- Advisory updated
- 2026-05-28
Who should care
Organizations running web services utilizing WOSDefaultHttpModule.dll; security teams managing IIS or similar Windows-based HTTP server environments; incident response teams monitoring for unauthenticated RCE attempts
Technical summary
The vulnerability resides in WOSDefaultHttpModule.dll, a web server HTTP module component. When processing HTTP requests with URL paths starting with /woshome that exceed expected length boundaries, the module fails to perform adequate bounds checking, resulting in stack-based buffer overflow (CWE-121). The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates network-accessible attack surface with low complexity, no privileges required, no user interaction, and high impact across confidentiality, integrity, and availability—consistent with remote code execution potential. The specific product name and vendor remain unidentified with low confidence attribution.
Defensive priority
critical
Recommended defensive actions
- Apply vendor security updates for WOSDefaultHttpModule.dll when available
- Implement URL length restrictions at reverse proxy or WAF layer for paths beginning with /woshome
- Enable stack protection mechanisms (ASLR, DEP/NX, stack canaries) on affected systems
- Monitor for anomalous HTTP requests with oversized URL paths to /woshome endpoints
- Segment affected systems from untrusted networks pending patch availability
Evidence notes
CVE published and modified 2026-05-27T20:16:42.993Z per NVD. CVSS vector confirms network-attackable, unauthenticated remote code execution conditions. Tenable reference provides technical source. Vendor attribution flagged low-confidence requiring review.
Official resources
-
CVE-2026-8362 CVE record
CVE.org
-
CVE-2026-8362 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
2026-05-27