Cyber Resilience

CVE-2026-8180

HighUpdated

Published: 27 May 2026

Published
27 May 2026
Modified
05 June 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0028 19.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-8180 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Ibm Aspera High-Speed Transfer Endpoint. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 19.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential denial of service in the asperahttpd…

more

component. An unauthenticated user can cause the asperahttpd service to crash.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Null dereference in public-facing asperahttpd enables unauthenticated remote DoS via application exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-8175Same product: Ibm Aspera High-Speed Transfer Endpoint
CVE-2026-8179Same product: Ibm Aspera High-Speed Transfer Endpoint
CVE-2025-3356Same vendor: Ibm
CVE-2024-45650Same vendor: Ibm
CVE-2026-1376Same vendor: Ibm
CVE-2025-12531Same vendor: Ibm
CVE-2026-9319Same vendor: Ibm
CVE-2024-41787Same vendor: Ibm
CVE-2025-3354Same vendor: Ibm
CVE-2026-25501Shared CWE-476

Affected Assets

ibm
aspera high-speed transfer endpoint
4.4.7 · 3.7.4 — 4.4.6
ibm
aspera high-speed transfer server
4.4.7 · 3.7.4 — 4.4.6

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References