CVE-2026-7876

Critical · CVSS 9.1

IBM Aspera HSTS for CP4I — Authentication Bypass

CVSS: 9.1; nvd
EPSS: 0.04%; 11th pct
KEV: No
Class: other; CWE-287, NVD-CWE-noinfo

Description

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server's local storage that they should not have access to, when specific restriction settings are not in place.

Search profile — drives PoC discovery

Symbols HSTSCP4Itransfer clientlocal storagerestriction settingsIBM Aspera High-Speed Transfer Server

Keywords CVE-2026-7876IBM Aspera HSTSCP4I authentication bypassAspera High-Speed Transfer Server bypassIBM Aspera CP4I file accessCWE-287 AsperaAspera HSTS 1.5.1 1.5.19

Versions: 1.5.1 through 1.5.19

References

https://www.ibm.com/support/pages/node/7274127

Status: enriched · ingested 2026-06-11T18:20:51.547Z · profiled 2026-06-16T18:20:23.035Z