Known Vulnerabilities for GoAnywhere MFT by Fortra
Listed below are 5 of the newest known vulnerabilities associated with "GoAnywhere MFT" by "Fortra".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-1089 json | User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as... | Not Provided | 2026-04-21 | 2026-04-21 |
| CVE-2026-0972 json | HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details,... | Not Provided | 2026-04-21 | 2026-04-22 |
| CVE-2026-0971 json | An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users bei... | Not Provided | 2026-04-21 | 2026-04-21 |
| CVE-2025-14362 json | The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to... | Not Provided | 2026-04-21 | 2026-04-21 |
| CVE-2025-1241 json | Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a st... | Not Provided | 2026-04-21 | 2026-04-21 |