Description
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could be exploited to cause a denial of service and potentially lead to authentication bypass or remote code execution.
Published: 2026-05-27
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a buffer overflow in the asperahttpd component of IBM Aspera High-Speed Transfer Endpoint and Server. Attackers could trigger the overflow to crash the service, causing denial of service. The flaw could also lead to authentication bypass or remote code execution, compromising confidentiality, integrity, and availability. The weakness is classified as CWE-122, a heap-based buffer overflow.

Affected Systems

IBM Aspera High-Speed Transfer Endpoint and IBM Aspera High-Speed Transfer Server versions 3.7.4 through 4.4.7 Fix Pack 1 are affected. The recommended fix is to upgrade both Endpoint and Server to version 4.4.7 Fix Pack 2, which addresses the buffer overflow.

Risk and Exploitability

With a CVSS score of 9.8, this is a critical vulnerability. No EPSS score is available, but the lack of KEV listing does not reduce the urgency. The flaw can be exploited remotely over the network by sending crafted requests to asperahttpd, likely without authentication. Attackers could achieve full remote code execution or related privileges, making this a high-risk exposure that should be remediated immediately.

Generated by OpenCVE AI on May 27, 2026 at 19:59 UTC.

Remediation

Vendor Solution

Product(s) | VRMF | Remediation/First Fix
IBM Aspera High-Speed Transfer Server | 4.4.7 Fix Pack 2 | Link to latest release (4.4.7 FP 2)
IBM Aspera High-Speed Transfer Endpoint | 4.4.7 Fix Pack 2 | Link to latest release (4.4.7 FP 2)


OpenCVE Recommended Actions

  • Download and install the 4.4.7 Fix Pack 2 update for both IBM Aspera High-Speed Transfer Server and Endpoint.
  • Restart the asperahttpd service after the update to ensure the buffer overflow fix is active.
  • Restrict external access to the asperahttpd port to trusted IP addresses or apply firewall rules until the patch is deployed.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:aspera_high-speed_transfer_endpoint:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_high-speed_transfer_endpoint:4.4.7:-:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_high-speed_transfer_endpoint:4.4.7:fixpack1:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_high-speed_transfer_server:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_high-speed_transfer_server:4.4.7:-:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_high-speed_transfer_server:4.4.7:fixpack1:*:*:*:*:*:*

Thu, 28 May 2026 05:00:00 +0000

Type Values Removed Values Added
First Time appeared Ibm aspera High-speed Transfer Endpoint
Ibm aspera High-speed Transfer Server
Vendors & Products Ibm aspera High-speed Transfer Endpoint
Ibm aspera High-speed Transfer Server

Wed, 27 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could be exploited to cause a denial of service and potentially lead to authentication bypass or remote code execution.
Title Multiple vulnerabilities in Aspera applications.
First Time appeared Ibm
Ibm aspera High Speed Transfer Endpoint
Ibm aspera High Speed Transfer Server
Weaknesses CWE-122
CPEs cpe:2.3:a:ibm:aspera_high_speed_transfer_endpoint:3.7.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_high_speed_transfer_endpoint:4.4.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_high_speed_transfer_server:3.7.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:aspera_high_speed_transfer_server:4.4.7:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm aspera High Speed Transfer Endpoint
Ibm aspera High Speed Transfer Server
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-05-28T03:55:29.883Z

Reserved: 2026-05-08T15:08:33.637Z

Link: CVE-2026-8175

Vulnrichment

Updated: 2026-05-27T14:58:59.370Z

NVD

Status: Analyzed

Published: 2026-05-27T14:17:35.970

Modified: 2026-06-05T18:57:06.110

Link: CVE-2026-8175

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-28T04:45:07Z

Weaknesses
  • CWE-122

    Heap-based Buffer Overflow