VYPR
← All advisories
High severity7.5NVD Advisory· Published May 27, 2026· Updated May 27, 2026

CVE-2026-8180

CVE-2026-8180

Description

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential denial of service in the asperahttpd component. An unauthenticated user can cause the asperahttpd service to crash.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unauthenticated attacker can crash the asperahttpd service in IBM Aspera High-Speed Transfer Endpoint and Server versions 3.7.4 through 4.4.7 Fix Pack 1, causing a denial of service.

Vulnerability

The vulnerability is a denial of service in the asperahttpd component of IBM Aspera High-Speed Transfer Endpoint and IBM Aspera High-Speed Transfer Server. Affected versions are 3.7.4 through 4.4.7 Fix Pack 1. An unauthenticated user can trigger a crash of the asperahttpd service without requiring any special configuration or privileges.

Exploitation

An attacker with network access to the affected service can send a crafted request to the asperahttpd component. No authentication is required, and the attack can be performed remotely. The exact sequence of steps is not publicly detailed, but the crash occurs upon receipt of the malicious input.

Impact

Successful exploitation results in a denial of service, causing the asperahttpd service to crash. This disrupts file transfer operations until the service is restarted. There is no indication of data compromise or code execution; the impact is limited to availability.

Mitigation

IBM has addressed this vulnerability in version 4.4.7 Fix Pack 2, as documented in the security bulletin [1]. Users should upgrade to this or a later fixed version. No workarounds are available. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.

References
  1. Security Bulletin: Multiple vulnerabilities in Aspera applications.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.