Goanywhere managed file transfer
This hub aggregates every CVE we track for Goanywhere managed file transfer, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
14
CVEs tracked
2
Critical
2
High
2
In CISA KEV
Severity distribution
MEDIUM9HIGH2CRITICAL2LOW1
Monthly trend
1
0
0
0
0
0
0
0
2
0
0
0
0
1
0
0
1
0
0
0
5
0
0
0
2024-082026-07
Latest CVEs
The 14 most recently published vulnerabilities affecting Goanywhere managed file transfer.
- CVE-2026-1089User‑Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups6.5
- CVE-2026-0972HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT5.4
- CVE-2026-0971GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout4.3
- CVE-2025-14362GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances7.3
- CVE-2025-1241Encryption vulnerable to brute-force decryption in GoAnywhere MFT5.8
- CVE-2025-8148CVE-2025-8148 Improper Access Control in SFTP service of GoAnywhere MFT4.2
- CVE-2025-10035Deserialization Vulnerability in GoAnywhere MFT's License ServletKEV10.0
- CVE-2024-11922Input Validation vulnerability in Web Client emails that do not go through Secure Mail6.3
- CVE-2025-0049Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.03.5
- CVE-2024-25157Authentication bypass in GoAnywhere MFT prior to 7.6.06.5
- CVE-2024-25156Path traversal in GoAnywhere MFT 7.4.1 and Earlier6.5
- CVE-2024-0204Authentication Bypass in GoAnywhere MFT9.8
- CVE-2023-0669Fortra GoAnywhere MFT License Response Servlet Command InjectionKEV7.2
- CVE-2021-46830A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user wh...6.5
Product normalization is registry-driven with AI assist and human review. How it works