CVE-2026-7876

CRITICAL

Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration

Title source: cna

Description

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server's local storage that they should not have access to, when specific restriction settings are not in place.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory patch

https://www.ibm.com/support/pages/node/7274127

Scores

CVSS v3 9.1

EPSS 0.0028

EPSS Percentile 19.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-287

Status published

Products (2)

IBM/Aspera HSTS for CP4I 1.5.1 - 1.5.19

ibm/aspera_high-speed_transfer_server_for_cloud_pak_for_integration 1.5.1 - 1.5.20

Published May 27, 2026

Tracked Since May 27, 2026