Buffer Overflow Vulnerability in IBM Aspera High-Speed Transfer Products
CVE-2026-8179

8.8HIGH

Key Information:

Vendor: IBM
Status: Aspera High-speed Transfer Endpoint; Aspera High-speed Transfer Server
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-8179?

A buffer overflow vulnerability has been identified in the asperahttpd component of IBM Aspera High-Speed Transfer Endpoint and Transfer Server versions 3.7.4 to 4.4.7 Fix Pack 1. This security flaw enables an authenticated user to potentially execute arbitrary code on the affected systems, posing a significant risk to system integrity and confidentiality. It is crucial for users to apply the necessary patches to mitigate this vulnerability.

Affected Version(s)

Aspera High-Speed Transfer Endpoint 3.7.4 <= 4.4.7 Fix Pack 1

Aspera High-Speed Transfer Server 3.7.4 <= 4.4.7 Fix Pack 1

References

https://www.ibm.com/support/pages/node/7273615

vendor-advisorypatch

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 8, 2026

Credit

The vulnerabilities were reported to IBM by Yannik Marchand.

CVE-2026-8179 Data

JSON