← voltar
CVE-2026-7876

Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration

CVSS 9.1 CRITICALEPSS 0.3%CWE-287
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.1EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
27 mai 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server's local storage that they should not have access to, when specific restriction settings are not in place.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N