CYBERSIXT Signal Over Noise
securityonline.info 6/1/2026, 2:48:36 AM · external

IBM patches critical Aspera flaws including severe CVEs

IBM patches critical Aspera flaws including severe CVEs
CyberSIXT Evidence Panel
CVE Intel
CVE-2026-7876 - NVD Not in KEV 9.1 CRITICAL
CVE-2026-9035 - NVD Not in KEV 6.5 MEDIUM
CVE-2026-8175 - NVD Not in KEV 9.8 CRITICAL
CISA KEV Not in KEV
Patch Patch Available

IBM has issued a security bulletin addressing multiple vulnerabilities in its Aspera software, crucial for high-speed file transfer systems. Key vulnerabilities include CVE-2026-7876, allowing authentication bypass with a CVSS score of 9.1, and CVE-2026-9035, which leads to unauthorized file access through path traversal. Severe memory corruption issues were identified, with CVE-2026-8175 (heap-based buffer overflow) scoring 9.8, leading to potential denial of service or remote code execution. Administrators are advised to upgrade software versions 3.7.4 to 4.4.7 to Fix Pack 2 to mitigate these risks.

View full article

Article by CyberSIXT