CVE-2026-8180 - Vulnerability Details

- Multiple vulnerabilities in Aspera applications.

Description

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential denial of service in the asperahttpd component. An unauthenticated user can cause the asperahttpd service to crash.

Published: 2026-05-27

Score: 7.5 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

IBM

Aspera High-Speed Transfer Endpoint

affected

Version	Status	Constraints
`3.7.4`	affected	≤ 4.4.7 Fix Pack 1

IBM

Aspera High-Speed Transfer Server

affected

Version	Status	Constraints
`3.7.4`	affected	≤ 4.4.7 Fix Pack 1

No data.

No data available yet.

Remediation

Vendor Solution

Product(s)VRMFRemediation/First FixIBM Aspera High-Speed Transfer Server4.4.7 Fix Pack 2Link to latest release (4.4.7 FP 2)IBM Aspera High-Speed Transfer Endpoint4.4.7 Fix Pack 2Link to latest release (4.4.7 FP 2)

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.ibm.com/support/pages/node/7273615

History

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential denial of service in the asperahttpd component. An unauthenticated user can cause the asperahttpd service to crash.
Title		Multiple vulnerabilities in Aspera applications.
First Time appeared		Ibm Ibm aspera High Speed Transfer Endpoint Ibm aspera High Speed Transfer Server
Weaknesses		CWE-476
CPEs		cpe:2.3:a:ibm:aspera_high_speed_transfer_endpoint:3.7.4:::::::* cpe:2.3:a:ibm:aspera_high_speed_transfer_endpoint:4.4.7:::::::* cpe:2.3:a:ibm:aspera_high_speed_transfer_server:3.7.4:::::::* cpe:2.3:a:ibm:aspera_high_speed_transfer_server:4.4.7:::::::*
Vendors & Products		Ibm Ibm aspera High Speed Transfer Endpoint Ibm aspera High Speed Transfer Server
References		https://www.ibm.com/support/pages/node/7273615
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

Subscriptions

Ibm Aspera High Speed Transfer Endpoint Aspera High Speed Transfer Server

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2026-05-27T13:20:07.809Z

Updated: 2026-05-27T13:20:07.809Z

Reserved: 2026-05-08T16:17:39.551Z

Link: CVE-2026-8180

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:38.170

Modified: 2026-05-27T14:53:51.833

Link: CVE-2026-8180

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-476

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object