CVE-2026-9035 (GCVE-0-2026-9035)
Vulnerability from cvelistv5 – Published: 2026-05-27 13:21 – Updated: 2026-05-27 14:47
VLAI
Title
Multiple vulnerabilities in Aspera applications.
Summary
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server’s local storage that they should not have access to.
Severity
6.5 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7273615 | vendor-advisorypatch |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Aspera High-Speed Transfer Endpoint |
Affected:
3.7.4 , ≤ 4.4.7 Fix Pack 1
(semver)
cpe:2.3:a:ibm:aspera_high_speed_transfer_endpoint:3.7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_high_speed_transfer_endpoint:4.4.7:*:*:*:*:*:*:* |
|
| IBM | Aspera High-Speed Transfer Server |
Affected:
3.7.4 , ≤ 4.4.7 Fix Pack 1
(semver)
cpe:2.3:a:ibm:aspera_high_speed_transfer_server:3.7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:aspera_high_speed_transfer_server:4.4.7:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9035",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T14:47:07.128841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T14:47:20.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_high_speed_transfer_endpoint:3.7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_high_speed_transfer_endpoint:4.4.7:*:*:*:*:*:*:*"
],
"product": "Aspera High-Speed Transfer Endpoint",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "4.4.7 Fix Pack 1",
"status": "affected",
"version": "3.7.4",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:aspera_high_speed_transfer_server:3.7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:aspera_high_speed_transfer_server:4.4.7:*:*:*:*:*:*:*"
],
"product": "Aspera High-Speed Transfer Server",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "4.4.7 Fix Pack 1",
"status": "affected",
"version": "3.7.4",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerabilities were reported to IBM by Yannik Marchand."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server\u2019s local storage that they should not have access to.\u003c/p\u003e"
}
],
"value": "IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server\u2019s local storage that they should not have access to."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T13:21:43.995Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7273615"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVRMF\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/First Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera High-Speed Transfer Server\u003c/td\u003e\u003ctd\u003e4.4.7 Fix Pack 2\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Aspera+High-Speed+Transfer+Server\u0026amp;release=4.4.7.2\u0026amp;platform=All\u0026amp;function=all\" rel=\"noopener noreferrer nofollow\"\u003eLink to latest release (4.4.7 FP 2)\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera High-Speed Transfer Endpoint\u003c/td\u003e\u003ctd\u003e4.4.7 Fix Pack 2\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Aspera+High-Speed+Transfer+Endpoint\u0026amp;release=4.4.7.2\u0026amp;platform=All\u0026amp;function=all\" rel=\"nofollow\"\u003eLink to latest release (4.4.7 FP 2)\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e"
}
],
"value": "Product(s)VRMFRemediation/First FixIBM Aspera High-Speed Transfer Server4.4.7 Fix Pack 2Link to latest release (4.4.7 FP 2)IBM Aspera High-Speed Transfer Endpoint4.4.7 Fix Pack 2Link to latest release (4.4.7 FP 2)"
}
],
"title": "Multiple vulnerabilities in Aspera applications.",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-9035",
"datePublished": "2026-05-27T13:21:43.995Z",
"dateReserved": "2026-05-19T16:39:18.455Z",
"dateUpdated": "2026-05-27T14:47:20.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-9035",
"date": "2026-05-29",
"epss": "0.0004",
"percentile": "0.12556"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-9035\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2026-05-27T14:17:38.913\",\"lastModified\":\"2026-05-27T14:53:51.833\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server\u2019s local storage that they should not have access to.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7273615\",\"source\":\"psirt@us.ibm.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-9035\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-27T14:47:07.128841Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-27T14:47:13.357Z\"}}], \"cna\": {\"title\": \"Multiple vulnerabilities in Aspera applications.\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"The vulnerabilities were reported to IBM by Yannik Marchand.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:aspera_high_speed_transfer_endpoint:3.7.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:aspera_high_speed_transfer_endpoint:4.4.7:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"Aspera High-Speed Transfer Endpoint\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.7.4\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.4.7 Fix Pack 1\"}]}, {\"cpes\": [\"cpe:2.3:a:ibm:aspera_high_speed_transfer_server:3.7.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:aspera_high_speed_transfer_server:4.4.7:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"Aspera High-Speed Transfer Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.7.4\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.4.7 Fix Pack 1\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Product(s)VRMFRemediation/First FixIBM Aspera High-Speed Transfer Server4.4.7 Fix Pack 2Link to latest release (4.4.7 FP 2)IBM Aspera High-Speed Transfer Endpoint4.4.7 Fix Pack 2Link to latest release (4.4.7 FP 2)\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVRMF\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/First Fix\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera High-Speed Transfer Server\u003c/td\u003e\u003ctd\u003e4.4.7 Fix Pack 2\u003c/td\u003e\u003ctd\u003e\u003ca href=\\\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Aspera+High-Speed+Transfer+Server\u0026amp;release=4.4.7.2\u0026amp;platform=All\u0026amp;function=all\\\" rel=\\\"noopener noreferrer nofollow\\\"\u003eLink to latest release (4.4.7 FP 2)\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Aspera High-Speed Transfer Endpoint\u003c/td\u003e\u003ctd\u003e4.4.7 Fix Pack 2\u003c/td\u003e\u003ctd\u003e\u003ca href=\\\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software\u0026amp;product=ibm/Other+software/IBM+Aspera+High-Speed+Transfer+Endpoint\u0026amp;release=4.4.7.2\u0026amp;platform=All\u0026amp;function=all\\\" rel=\\\"nofollow\\\"\u003eLink to latest release (4.4.7 FP 2)\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7273615\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"ibm-cvegen\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server\\u2019s local storage that they should not have access to.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server\\u2019s local storage that they should not have access to.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2026-05-27T13:21:43.995Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-9035\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-27T14:47:20.101Z\", \"dateReserved\": \"2026-05-19T16:39:18.455Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2026-05-27T13:21:43.995Z\", \"assignerShortName\": \"ibm\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…