CVE-2026-9035

EUVD-2026-32503
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server’s local storage that they should not have access to.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
ibmaspera_high-speed_transfer_endpoint
3.7.4 ≤
𝑥
≤ 4.4.6
ibmaspera_high-speed_transfer_endpoint
4.4.7
ibmaspera_high-speed_transfer_endpoint
4.4.7:fixpack1
ibmaspera_high-speed_transfer_server
3.7.4 ≤
𝑥
≤ 4.4.6
ibmaspera_high-speed_transfer_server
4.4.7
ibmaspera_high-speed_transfer_server
4.4.7:fixpack1
𝑥
= Vulnerable software versions