Multiple vulnerabilities in Aspera applications._CVE-2026-8179

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could allow an authenticated user to execute arbitrary code on the system.

AI Analysis

Buffer overflow vulnerability in asperahttpd component allowing authenticated users to execute arbitrary code

Basic Information

ID CVE-2026-8179

Source ibm

Published May 27, 2026 at 13:17

Affected Product

Vendor IBM

Product Aspera High-Speed Transfer Endpoint

Version 3.7.4

Affected Versions IBM Aspera High-Speed Transfer Endpoint 3.7.4
IBM Aspera High-Speed Transfer Server 3.7.4

CWE Classification

CWE-121

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor IBM

Product Aspera High-Speed Transfer Endpoint and Aspera High-Speed Transfer Server

Version 3.7.4 through 4.4.7 Fix Pack 1

References

www.ibm.com /support/pages/node/7273615

{
    "lastseen": "",
    "description": "IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could allow an authenticated user to execute arbitrary code on the system.",
    "published": "2026-05-27T13:17:50.877Z",
    "modified": "2026-05-27T13:17:50.877Z",
    "type": "cve",
    "title": "Multiple vulnerabilities in Aspera applications.",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7273615",
    "id": "CVE-2026-8179",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121"
    ],
    "cvelist": null,
    "sourceData": "IBM Aspera High-Speed Transfer Endpoint 3.7.4\nIBM Aspera High-Speed Transfer Server 3.7.4",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Aspera High-Speed Transfer Endpoint",
    "version": "3.7.4",
    "vendor": "IBM",
    "ai_description": "Buffer overflow vulnerability in asperahttpd component allowing authenticated users to execute arbitrary code",
    "ai_severity": "High",
    "ai_vendor": "IBM",
    "ai_product": "Aspera High-Speed Transfer Endpoint and Aspera High-Speed Transfer Server",
    "ai_version": "3.7.4 through 4.4.7 Fix Pack 1",
    "ai_score": 8.8
}