VYPR
Medium severity6.5NVD Advisory· Published May 27, 2026· Updated Jun 5, 2026

CVE-2026-9035

CVE-2026-9035

Description

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server’s local storage that they should not have access to.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • cpe:2.3:a:ibm:aspera_high-speed_transfer_endpoint:*:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:ibm:aspera_high-speed_transfer_endpoint:*:*:*:*:*:*:*:*range: >=3.7.4,<=4.4.6
    • cpe:2.3:a:ibm:aspera_high-speed_transfer_endpoint:4.4.7:-:*:*:*:*:*:*
    • cpe:2.3:a:ibm:aspera_high-speed_transfer_endpoint:4.4.7:fixpack1:*:*:*:*:*:*
    • cpe:2.3:a:ibm:aspera_high-speed_transfer_server:*:*:*:*:*:*:*:*range: >=3.7.4,<=4.4.6
    • cpe:2.3:a:ibm:aspera_high-speed_transfer_server:4.4.7:-:*:*:*:*:*:*
    • cpe:2.3:a:ibm:aspera_high-speed_transfer_server:4.4.7:fixpack1:*:*:*:*:*:*
    • (no CPE)range: 3.7.4 through 4.4.7 Fix Pack 1
    • (no CPE)range: 3.7.4 through 4.4.7 Fix Pack 1

Patches

Vulnerability mechanics

References

1

News mentions

1