QSearchQSearch

CVE-2026-9035

6.5 MEDIUM

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix ...

Published: 2026-05-27 · Last updated: 2026-06-05

Severity and scoring

CVSS
6.5 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
CWE-22

Affected products

VendorProduct
ibmaspera_high-speed_transfer_endpoint, aspera_high-speed_transfer_server

Description

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server’s local storage that they should not have access to.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-9330 IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using th... (8.5 HIGH)
  • CVE-2026-9319 IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data v... (9.0 CRITICAL)
  • CVE-2026-9311 IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls (9.0 CRITICAL)
  • CVE-2026-8644 IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing (9.1 CRITICAL)
  • CVE-2026-1248 IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages (4.3 MEDIUM)

Same CWE

  • CVE-2026-52726 Dulwich is a pure-Python implementation of the Git file formats and protocols (7.5 HIGH)
  • CVE-2026-49219 ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
  • CVE-2026-47712 Dulwich is a pure-Python implementation of the Git file formats and protocols (3.3 LOW)
  • CVE-2026-46703 Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to ru... (9.6 CRITICAL)
  • CVE-2026-42305 Dulwich is a pure-Python implementation of the Git file formats and protocols (8.8 HIGH)