threat
engine
.sh
Back
·
··:··
Home
/
Product
/
fortra goanywhere managed file transfer
Product
fortra goanywhere managed file transfer
14 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-1089
< 7.10.0
User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well
6.5
MEDIUM
CVE-2026-0972
< 7.10.0
HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and
5.4
MEDIUM
CVE-2026-0971
< 7.10.0
An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being re
4.3
MEDIUM
CVE-2025-1241
< 7.10.0
Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static
5.8
MEDIUM
CVE-2025-14362
< 7.10.0
The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be l
7.3
HIGH
CVE-2025-8148
< 7.9.0
An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authenti
4.2
MEDIUM
CVE-2025-10035
< 7.6.3
A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license re
10.0
CRITICAL
CVE-2025-0049
< 7.8.0
When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message i
3.5
LOW
CVE-2024-11922
< 7.8.0
Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker wi
6.3
MEDIUM
CVE-2024-25157
< 7.6.0
An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to cir
6.5
MEDIUM
CVE-2024-25156
< 7.4.2
A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific perm
6.5
MEDIUM
CVE-2024-0204
>= 7.0.0 and < 7.4.1
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the admini
9.8
CRITICAL
CVE-2023-0669
< 7.1.2
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Res
7.2
HIGH
CVE-2021-46830
< 6.8.3
A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Cli
6.5
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin