CVE-2026-9035
MEDIUM WAF: High
CVSS 6.5
Published: 2026-05-27
CWE-22
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server’s local storage that they should not have access to.
WAF Coverage Analysis
Path Traversal
High WAF Coverage
OWASP: A01:2021 Broken Access Control
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ibm | aspera_high-speed_transfer_endpoint | 3.7.4 - 4.4.6 |
| ibm | aspera_high-speed_transfer_endpoint | 4.4.7 |
| ibm | aspera_high-speed_transfer_endpoint | 4.4.7 |
| ibm | aspera_high-speed_transfer_server | 3.7.4 - 4.4.6 |
| ibm | aspera_high-speed_transfer_server | 4.4.7 |
| ibm | aspera_high-speed_transfer_server | 4.4.7 |
References
- www.ibm.com (Vendor Advisory)