What is GHSA-2qr9-h6wh-7p92?

GHSA-2qr9-h6wh-7p92 is a security advisory published by GitHub Security Advisories with Medium severity. IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed...

Which CVE IDs does GHSA-2qr9-h6wh-7p92 cover?

GHSA-2qr9-h6wh-7p92 covers the following CVE IDs: CVE-2026-9035. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-2qr9-h6wh-7p92?

GHSA-2qr9-h6wh-7p92 has a CVSS v3 base score of 6.5, published by GitHub Security Advisories.

GHSA-2qr9-h6wh-7p92MediumCVSS 6.5

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 27, 2026

🔗 CVE IDs covered (1)

CVE-2026-9035 →

📋 Description

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server’s local storage that they should not have access to.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-9035
https://www.ibm.com/support/pages/node/7273615
https://github.com/advisories/GHSA-2qr9-h6wh-7p92