EUVD-2026-24128

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...

CVE-2026-0972

HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...

CVE-2025-1241

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

CVE-2026-1089 User‑Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups

User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure...

CVE-2026-0971

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...

CVE-2025-1241 Encryption vulnerable to brute-force decryption in GoAnywhere MFT

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability stemmed from the SFTP service not enforcing login restrictions when the web user was configured to l...

PT-2026-33979

User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure...

Fortra GoAnywhere 安全漏洞

Fortra GoAnywhere is a secure file transfer solution provided by the American company Fortra. There were security vulnerabilities in versions of Fortra GoAnywhere MFT 7.10.0 and earlier, as well as in GoAnywhere Agents 2.2.0 and earlier. These vulnerabilities stemmed from the use of static IVs fo...

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to version 7.10.0 contained security vulnerabilities. These vulnerabilities stemmed from user-controlled HTTP headers, which could allow attackers to trigger DNS...

GoAnywhere - Authentication Bypass

Fortra GoAnywhere MFT contains an insecure deserialization vulnerability in the License Servlet caused by deserializing attacker-controlled objects with a valid forged license response signature, letting attackers perform command injection, exploit requires valid forged license signature. id:...

Exploit for Deserialization of Untrusted Data in Fortra Goanywhere_Managed_File_Transfer

Structure du projet cve-2023-0669-simulation/ ├── docker-comp...

CVE-2025-8148

CVE-2025-8148 concerns Fortra’s GoAnywhere MFT; all connected sources describe an improper access control in the SFTP service for versions prior to 7.9.0. Web users who have an Authentication Alias and a valid SSH key but are restricted to password authentication can still log in using their SSH ...

PT-2025-49314

Name of the Vulnerable Software and Affected Versions GoAnywhere MFT versions prior to 7.9.0 Description An improper access control exists in the SFTP service. This affects web users who have an authentication alias and a valid SSH key, but are limited to password authentication for SFTP. These...

EUVD-2025-21703

Malicious code in bioql PyPI...

Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems

Urgent warning for Fortra GoAnywhere MFT users. A CVSS 10.0 deserialization vulnerability CVE-2025-10035 in the License Servlet allows command injection. Patch to v7.8.4 immediately to prevent system takeover...

CVE-2025-3871

Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows an attacker to create a denial of service situation when configured to use GoAnywhere One-Time Password GOTP email two-factor authentication 2FA and the user has not set an email address. In this scenario, the attacker may ent...

CVE-2025-3871

Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows an attacker to create a denial of service situation when configured to use GoAnywhere One-Time Password GOTP email two-factor authentication 2FA and the user has not set an email address. In this scenario, the attacker may ent...

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software from Fortra, Inc. A security vulnerability exists in Fortra GoAnywhere MFT versions prior to 7.8.1 that stems from an access control flaw that could lead to a denial of service attack...

Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass

!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass Date: 2025-05-25 Exploit Author: @ibrahimsql Exploit Author's github: https://github.com/ibrahimsql Vendor Homepage: https://www.fortra.com/products/secure-file-transfer/goanywhere-mft...