IBM Aspera High-Speed Transfer Endpoint 3.7.4-4.4.7 FP1 DoS via asperahttpd
CVE-2026-8180 Published on May 27, 2026
Multiple vulnerabilities in Aspera applications.
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential denial of service in the asperahttpd component. An unauthenticated user can cause the asperahttpd service to crash.
Vulnerability Analysis
CVE-2026-8180 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
Products Associated with CVE-2026-8180
stack.watch emails you whenever new vulnerabilities are published in IBM Aspera High Speed Transfer Endpoint or IBM Aspera High Speed Transfer Server. Just hit a watch button to start following.
Affected Versions
IBM Aspera High-Speed Transfer Endpoint:- Version 3.7.4, <= 4.4.7 Fix Pack 1 is affected.
- Version 3.7.4, <= 4.4.7 Fix Pack 1 is affected.