CVE Catalog

CVE-2026-7876

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

11th percentile — higher than 11% of all known CVEs

Summary

IBM Aspera HSTS for CP4I versions 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may exploit this vulnerability to access files in the server's local storage that they should not have access to when specific restriction settings are not in place.

Risk Assessment

The organization may be exposed to unauthorized access to sensitive data, potentially leading to breaches of privacy and information security.

Recommendation

It is recommended to implement appropriate restriction settings and update to the latest version of the software to minimize the risk associated with this vulnerability.

Original NVD description (English source)

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server's local storage that they should not have access to, when specific restriction settings are not in place.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS