Buffer Overflow in IBM Aspera High-Speed Transfer Products
CVE-2026-8175

9.8CRITICAL

Key Information:

Vendor: IBM
Status: Aspera High-speed Transfer Endpoint; Aspera High-speed Transfer Server
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-8175?

IBM Aspera High-Speed Transfer Endpoint and Server versions 3.7.4 to 4.4.7 Fix Pack 1 are susceptible to a buffer overflow in the asperahttpd component. This vulnerability poses a risk, allowing potential attackers to exploit it for denial of service conditions. Additionally, it opens the door for authentication bypass or even remote code execution, further compromising the security of the system. It is crucial for users to apply security patches provided by IBM to mitigate these risks.

Affected Version(s)

Aspera High-Speed Transfer Endpoint 3.7.4 <= 4.4.7 Fix Pack 1

Aspera High-Speed Transfer Server 3.7.4 <= 4.4.7 Fix Pack 1

References

https://www.ibm.com/support/pages/node/7273615

vendor-advisorypatch

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 8, 2026

Credit

The vulnerabilities were reported to IBM by Yannik Marchand.

CVE-2026-8175 Data

JSON