IBM Aspera HTTPD Buffer Overflow (3.7.44.4.7 FP1) DoS & RCE
CVE-2026-8175 Published on May 27, 2026
Multiple vulnerabilities in Aspera applications.
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could be exploited to cause a denial of service and potentially lead to authentication bypass or remote code execution.
Vulnerability Analysis
CVE-2026-8175 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Products Associated with CVE-2026-8175
stack.watch emails you whenever new vulnerabilities are published in IBM Aspera High Speed Transfer Endpoint or IBM Aspera High Speed Transfer Server. Just hit a watch button to start following.
Affected Versions
IBM Aspera High-Speed Transfer Endpoint:- Version 3.7.4, <= 4.4.7 Fix Pack 1 is affected.
- Version 3.7.4, <= 4.4.7 Fix Pack 1 is affected.