CVE-2026-8360 | THREATINT

Description

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DLLs (i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll) can return a NULL pointer (i.e., when no user is logged into the Triofox Server Agent Management Console). The returned NULL pointer is not checked before being dereferenced.

PUBLISHED Reserved 2026-05-11 | Published 2026-05-27 | Updated 2026-05-27 | Assigner tenable

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-476 NULL pointer dereference

Product status

Default status

unaffected

Any version before 17.3.10565.57509

affected

References

www.tenable.com/security/research/TRA-2026-45 exploit

www.tenable.com/security/research/TRA-2026-45

cve.org (CVE-2026-8360)

nvd.nist.gov (CVE-2026-8360)

Download JSON