CVE-2026-8180 PUBLISHED

Multiple vulnerabilities in Aspera applications.

Assigner: ibm
Reserved: 08.05.2026 Published: 27.05.2026 Updated: 27.05.2026

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 are affected by a potential denial of service in the asperahttpd component. An unauthenticated user can cause the asperahttpd service to crash.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 7.5

Product Status

Vendor IBM
Product Aspera High-Speed Transfer Endpoint
Versions
  • affected from 3.7.4 to 4.4.7 Fix Pack 1 (incl.)
Vendor IBM
Product Aspera High-Speed Transfer Server
Versions
  • affected from 3.7.4 to 4.4.7 Fix Pack 1 (incl.)

Solutions

Product(s) IBM Aspera High-Speed Transfer Server
VRMF 4.4.7 Fix Pack 2
Remediation/First Fix Link to latest release (4.4.7 FP 2)
Product(s) IBM Aspera High-Speed Transfer Endpoint
VRMF 4.4.7 Fix Pack 2
Remediation/First Fix Link to latest release (4.4.7 FP 2)

Credits

  • The vulnerabilities were reported to IBM by Yannik Marchand (finder).

Problem Types

  • CWE-476: NULL Pointer Dereference