Cyber Resilience

CVE-2026-8179

HighUpdated

Published: 27 May 2026

Published
27 May 2026
Modified
05 June 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0040 32.1th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-8179 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Ibm Aspera High-Speed Transfer Endpoint. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 32.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This…

more

vulnerability could allow an authenticated user to execute arbitrary code on the system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Buffer overflow in server component enables authenticated arbitrary code execution, directly mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-8175Same product: Ibm Aspera High-Speed Transfer Endpoint
CVE-2026-8180Same product: Ibm Aspera High-Speed Transfer Endpoint
CVE-2026-3623Same vendor: Ibm
CVE-2024-49814Same vendor: Ibm
CVE-2025-36184Same vendor: Ibm
CVE-2025-14604Same vendor: Ibm
CVE-2026-2311Same vendor: Ibm
CVE-2025-70083Shared CWE-121
CVE-2025-36418Same vendor: Ibm
CVE-2026-32708Shared CWE-121

Affected Assets

ibm
aspera high-speed transfer endpoint
4.4.7 · 3.7.4 — 4.4.6
ibm
aspera high-speed transfer server
4.4.7 · 3.7.4 — 4.4.6

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References