{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/aspera-high-speed-transfer-endpoint-3.7.6/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-8180"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Aspera High-Speed Transfer Endpoint","Aspera High-Speed Transfer Endpoint 3.7.4","Aspera High-Speed Transfer Endpoint 3.7.5","Aspera High-Speed Transfer Endpoint 3.7.6","Aspera High-Speed Transfer Endpoint 3.7.7","Aspera High-Speed Transfer Endpoint 3.7.8","Aspera High-Speed Transfer Endpoint 3.7.9","Aspera High-Speed Transfer Endpoint 3.7.10","Aspera High-Speed Transfer Endpoint 3.7.11","Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1","Aspera High-Speed Transfer Server 3.7.4","Aspera High-Speed Transfer Server 3.7.5","Aspera High-Speed Transfer Server 3.7.6","Aspera High-Speed Transfer Server 3.7.7","Aspera High-Speed Transfer Server 3.7.8","Aspera High-Speed Transfer Server 3.7.9","Aspera High-Speed Transfer Server 3.7.10","Aspera High-Speed Transfer Server 3.7.11","Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","cve"],"_cs_type":"advisory","_cs_vendors":["IBM"],"content_html":"\u003cp\u003eIBM Aspera High-Speed Transfer Endpoint and Server are affected by a denial-of-service vulnerability. Specifically, versions 3.7.4 through 4.4.7 Fix Pack 1 of both the Endpoint and Server products, along with the general Aspera High-Speed Transfer Endpoint, are susceptible to this flaw. The vulnerability lies within the \u003ccode\u003easperahttpd\u003c/code\u003e component, where an unauthenticated user can trigger a crash of the service. This can disrupt file transfer operations and potentially impact overall system availability. The CVE ID associated with this vulnerability is CVE-2026-8180.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker sends a crafted request to the \u003ccode\u003easperahttpd\u003c/code\u003e service.\u003c/li\u003e\n\u003cli\u003eThe crafted request triggers a null pointer dereference within the \u003ccode\u003easperahttpd\u003c/code\u003e component (CWE-476).\u003c/li\u003e\n\u003cli\u003eThe null pointer dereference causes the \u003ccode\u003easperahttpd\u003c/code\u003e service to crash.\u003c/li\u003e\n\u003cli\u003eThe crash disrupts normal operation of the Aspera High-Speed Transfer Endpoint or Server.\u003c/li\u003e\n\u003cli\u003eUsers are unable to initiate or complete file transfers.\u003c/li\u003e\n\u003cli\u003eRepeated exploitation leads to sustained denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-8180 results in a denial of service, impacting the availability of the Aspera High-Speed Transfer Endpoint and Server. This can disrupt critical file transfer workflows, potentially leading to data delivery delays and operational downtime. The number of affected systems depends on the number of deployments running the vulnerable versions.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade IBM Aspera High-Speed Transfer Endpoint and Server to a version beyond 4.4.7 Fix Pack 1 to remediate CVE-2026-8180, as recommended by the vendor advisory (\u003ca href=\"https://www.ibm.com/support/pages/node/7273615)\"\u003ehttps://www.ibm.com/support/pages/node/7273615)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Asperahttpd Service Crash\u0026rdquo; to monitor for crashes related to potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for anomalous requests targeting the \u003ccode\u003easperahttpd\u003c/code\u003e service to identify potential exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-27T14:20:53Z","date_published":"2026-05-27T14:20:53Z","id":"https://feed.craftedsignal.io/briefs/2026-05-aspera-dos/","summary":"IBM Aspera High-Speed Transfer Endpoint and Server versions 3.7.4 through 4.4.7 Fix Pack 1 are vulnerable to a denial-of-service (DoS) attack where an unauthenticated user can crash the asperahttpd service.","title":"CVE-2026-8180: IBM Aspera High-Speed Transfer Denial of Service","url":"https://feed.craftedsignal.io/briefs/2026-05-aspera-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Aspera High-Speed Transfer Endpoint 3.7.6","version":"https://jsonfeed.org/version/1.1"}