CVE-2026-8359 HIGH

CVE-2026-8359: Gladinet Triofox WOSHttpStatusModule.dll NULL Function Pointer Call DoS

Vendor Gladinet
Product Triofox
Weakness CWE-476
Published May 27, 2026
Last update May 27, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBin_LoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not present in the installation. As a result, a function pointer to WOSBin_LoadHttpModule (which would have been in the export table in WOSHttpStatusModule.dll) is set to NULL, resulting in calling a function at address 0.

Key dates

02Disclosure timeline

May 27, 2026 CVE published
May 27, 2026 Record updated