CVE-2026-8364 Gladinet CVE debrief

Who should care

Organizations running Gladinet Triofox Cloud Server deployments, security operations teams monitoring for unauthorized access attempts, and network administrators responsible for segmenting cloud storage infrastructure

Technical summary

The Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) exposes an HTTP service on TCP port 7878 that processes requests to specific URL paths without requiring authentication. Affected paths include /resources, /status, /sysinfo, /woshome, /Settings, /schedule, and /DavCache. The CVSS 3.1 score of 9.8 reflects network accessibility, trivial exploitability, and complete system compromise potential. The underlying weakness is missing authentication for critical functionality (CWE-306).

Defensive priority

critical

Recommended defensive actions

• Restrict network access to TCP port 7878 on systems running Gladinet Triofox Cloud Server Agent Access Service
• Apply vendor patches when available from Gladinet
• Monitor for unauthorized HTTP requests to paths /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache on affected systems
• Review Tenable security advisory for additional technical details and detection guidance
• Consider network segmentation to isolate Triofox server agents from untrusted networks

Evidence notes

Vulnerability description sourced from NVD record with CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Weakness identified as CWE-306 by Tenable. Vendor attribution to Gladinet based on product name in description; vendor field marked as 'Unknown Vendor' with low confidence in source data requiring review.

Official resources