CVE-2026-7876

CVE-2026-7876: Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration

Vendor Ibm
Product Aspera HSTS for CP4I
Weakness CWE-287 · Improper authentication
Published May 27, 2026
Last update June 11, 2026

CVSS base score

What the vulnerability does

01Description

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server's local storage that they should not have access to, when specific restriction settings are not in place.

Key dates

02Disclosure timeline

May 27, 2026 CVE published
June 11, 2026 Record updated

Related vulnerabilities

04Related CVE