Goanywhere mft
This hub aggregates every CVE we track for Goanywhere mft, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
14
CVEs tracked
2
Critical
2
High
2
In CISA KEV
Severity distribution
MEDIUM10HIGH2CRITICAL2
Monthly trend
1
0
0
0
1
0
0
0
1
0
0
1
0
1
0
0
1
0
0
0
5
0
0
0
2024-082026-07
Latest CVEs
The 14 most recently published vulnerabilities affecting Goanywhere mft.
- CVE-2026-1089User‑Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups6.5
- CVE-2026-0972HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT5.4
- CVE-2026-0971GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout4.3
- CVE-2025-14362GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances7.3
- CVE-2025-1241Encryption vulnerable to brute-force decryption in GoAnywhere MFT5.8
- CVE-2025-8148CVE-2025-8148 Improper Access Control in SFTP service of GoAnywhere MFT4.2
- CVE-2025-10035Deserialization Vulnerability in GoAnywhere MFT's License ServletKEV10.0
- CVE-2025-3871Broken Access Control Leads to Limited Denial of Service in GoAnywhere MFT 7.8.0 and earlier5.3
- CVE-2024-11922Input Validation vulnerability in Web Client emails that do not go through Secure Mail6.3
- CVE-2024-9945Limited Information Disclosure in GoAnywhere MFT Prior to 7.7.05.3
- CVE-2024-25157Authentication bypass in GoAnywhere MFT prior to 7.6.06.5
- CVE-2024-25156Path traversal in GoAnywhere MFT 7.4.1 and Earlier6.5
- CVE-2024-0204Authentication Bypass in GoAnywhere MFT9.8
- CVE-2023-0669Fortra GoAnywhere MFT License Response Servlet Command InjectionKEV7.2
Product normalization is registry-driven with AI assist and human review. How it works