CVE-2026-8175
Awaiting Analysis
Published: 27 May 2026, 13:17
Last modified:27 May 2026, 14:59
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.8 CRITICAL
v3.1 (cve.org)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
27 May 2026, 13:17
Published
Vulnerability first disclosed
27 May 2026, 14:59
Last Modified
Vulnerability information updated
Description
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could be exploited to cause a denial of service and potentially lead to authentication bypass or remote code execution.
CVSS Metrics
- v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Techniques & Countermeasures
- CWE-122•Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Affected Systems
- ibm•aspera high-speed transfer endpoint
≥ 3.7.4, ≤ 4.4.7 Fix Pack 1
- ibm•aspera high-speed transfer server
≥ 3.7.4, ≤ 4.4.7 Fix Pack 1