CVE-2026-8175 PUBLISHED

Multiple vulnerabilities in Aspera applications.

Assigner: ibm
Reserved: 08.05.2026 Published: 27.05.2026 Updated: 27.05.2026

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could be exploited to cause a denial of service and potentially lead to authentication bypass or remote code execution.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	IBM
Product	Aspera High-Speed Transfer Endpoint
Versions	affected from 3.7.4 to 4.4.7 Fix Pack 1 (incl.)

Vendor	IBM
Product	Aspera High-Speed Transfer Server
Versions	affected from 3.7.4 to 4.4.7 Fix Pack 1 (incl.)

Solutions

Product(s)VRMFRemediation/First FixIBM Aspera High-Speed Transfer Server4.4.7 Fix Pack 2Link to latest release (4.4.7 FP 2)IBM Aspera High-Speed Transfer Endpoint4.4.7 Fix Pack 2Link to latest release (4.4.7 FP 2)

Credits

The vulnerabilities were reported to IBM by Yannik Marchand. finder

References

https://www.ibm.com/support/pages/node/7273615

Problem Types

CWE-122 Heap-based Buffer Overflow CWE