Medium severity6.5NVD Advisory· Published May 27, 2026· Updated Jun 5, 2026
CVE-2026-9035
CVE-2026-9035
Description
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server’s local storage that they should not have access to.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:ibm:aspera_high-speed_transfer_endpoint:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:ibm:aspera_high-speed_transfer_endpoint:*:*:*:*:*:*:*:*range: >=3.7.4,<=4.4.6
- cpe:2.3:a:ibm:aspera_high-speed_transfer_endpoint:4.4.7:-:*:*:*:*:*:*
- cpe:2.3:a:ibm:aspera_high-speed_transfer_endpoint:4.4.7:fixpack1:*:*:*:*:*:*
- cpe:2.3:a:ibm:aspera_high-speed_transfer_server:*:*:*:*:*:*:*:*range: >=3.7.4,<=4.4.6
- cpe:2.3:a:ibm:aspera_high-speed_transfer_server:4.4.7:-:*:*:*:*:*:*
- cpe:2.3:a:ibm:aspera_high-speed_transfer_server:4.4.7:fixpack1:*:*:*:*:*:*
- (no CPE)range: 3.7.4 through 4.4.7 Fix Pack 1
- (no CPE)range: 3.7.4 through 4.4.7 Fix Pack 1
Patches
Vulnerability mechanics
References
1- www.ibm.com/support/pages/node/7273615nvdVendor Advisory
News mentions
1- IBM's May 2026 Patch Dump: 25 CVEs Span Aspera, Db2, Langflow, and MoreVypr Intelligence · May 27, 2026