{"api_version":"1","generated_at":"2026-06-03T11:06:43+00:00","cve":"CVE-2026-9035","urls":{"html":"https://cve.report/CVE-2026-9035","api":"https://cve.report/api/cve/CVE-2026-9035.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-9035","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-9035"},"summary":{"title":"Multiple vulnerabilities in Aspera applications.","description":"IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server’s local storage that they should not have access to.","state":"PUBLISHED","assigner":"ibm","published_at":"2026-05-27 14:17:38","updated_at":"2026-05-27 14:53:51"},"problem_types":["CWE-22","CWE-22 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"metrics":[{"version":"3.1","source":"psirt@us.ibm.com","type":"Primary","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://www.ibm.com/support/pages/node/7273615","name":"https://www.ibm.com/support/pages/node/7273615","refsource":"psirt@us.ibm.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-9035","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-9035","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"IBM","product":"Aspera High-Speed Transfer Endpoint","version":"affected 3.7.4 4.4.7 Fix Pack 1 semver","platforms":[]},{"source":"CNA","vendor":"IBM","product":"Aspera High-Speed Transfer Server","version":"affected 3.7.4 4.4.7 Fix Pack 1 semver","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Product(s)VRMFRemediation/First FixIBM Aspera High-Speed Transfer Server4.4.7 Fix Pack 2Link to latest release (4.4.7 FP 2)IBM Aspera High-Speed Transfer Endpoint4.4.7 Fix Pack 2Link to latest release (4.4.7 FP 2)","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"The vulnerabilities were reported to IBM by Yannik Marchand.","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"9035","cve":"CVE-2026-9035","epss":"0.000400000","percentile":"0.124750000","score_date":"2026-06-01","updated_at":"2026-06-02 00:05:21"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:aspera_high_speed_transfer_endpoint:3.7.4:*:*:*:*:*:*:*","cpe:2.3:a:ibm:aspera_high_speed_transfer_endpoint:4.4.7:*:*:*:*:*:*:*"],"product":"Aspera High-Speed Transfer Endpoint","vendor":"IBM","versions":[{"lessThanOrEqual":"4.4.7 Fix Pack 1","status":"affected","version":"3.7.4","versionType":"semver"}]},{"cpes":["cpe:2.3:a:ibm:aspera_high_speed_transfer_server:3.7.4:*:*:*:*:*:*:*","cpe:2.3:a:ibm:aspera_high_speed_transfer_server:4.4.7:*:*:*:*:*:*:*"],"product":"Aspera High-Speed Transfer Server","vendor":"IBM","versions":[{"lessThanOrEqual":"4.4.7 Fix Pack 1","status":"affected","version":"3.7.4","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"The vulnerabilities were reported to IBM by Yannik Marchand."}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server’s local storage that they should not have access to.</p>"}],"value":"IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server’s local storage that they should not have access to."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-27T13:21:43.995Z","orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7273615"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<div><table><tbody><tr><td><strong>Product(s)</strong></td><td><strong>VRMF</strong></td><td><strong>Remediation/First Fix</strong></td></tr><tr><td>IBM Aspera High-Speed Transfer Server</td><td>4.4.7 Fix Pack 2</td><td><a href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&amp;product=ibm/Other+software/IBM+Aspera+High-Speed+Transfer+Server&amp;release=4.4.7.2&amp;platform=All&amp;function=all\" rel=\"noopener noreferrer nofollow\">Link to latest release (4.4.7 FP 2)</a></td></tr><tr><td>IBM Aspera High-Speed Transfer Endpoint</td><td>4.4.7 Fix Pack 2</td><td><a href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&amp;product=ibm/Other+software/IBM+Aspera+High-Speed+Transfer+Endpoint&amp;release=4.4.7.2&amp;platform=All&amp;function=all\" rel=\"nofollow\">Link to latest release (4.4.7 FP 2)</a></td></tr></tbody></table></div>"}],"value":"Product(s)VRMFRemediation/First FixIBM Aspera High-Speed Transfer Server4.4.7 Fix Pack 2Link to latest release (4.4.7 FP 2)IBM Aspera High-Speed Transfer Endpoint4.4.7 Fix Pack 2Link to latest release (4.4.7 FP 2)"}],"title":"Multiple vulnerabilities in Aspera applications.","x_generator":{"engine":"ibm-cvegen"}}},"cveMetadata":{"assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","assignerShortName":"ibm","cveId":"CVE-2026-9035","datePublished":"2026-05-27T13:21:43.995Z","dateReserved":"2026-05-19T16:39:18.455Z","dateUpdated":"2026-05-27T13:21:43.995Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-27 14:17:38","lastModifiedDate":"2026-05-27 14:53:51","problem_types":["CWE-22","CWE-22 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"9035","Ordinal":"1","Title":"Multiple vulnerabilities in Aspera applications.","CVE":"CVE-2026-9035","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"9035","Ordinal":"1","NoteData":"IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server’s local storage that they should not have access to.","Type":"Description","Title":"Multiple vulnerabilities in Aspera applications."}]}}}