Fortra Goanywhere Managed File Transfer — known CVE vulnerabilities
Every CVE whose affected-product data names Fortra Goanywhere Managed File Transfer, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2024-0204 — CVSS 9.8 (critical): Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration…
CVE-2025-14362 — CVSS 7.3 (high): The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in…
CVE-2024-25157 — CVSS 6.5 (medium): An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent…
CVE-2024-25156 — CVSS 6.5 (medium): A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission…
CVE-2026-1089 — CVSS 6.5 (medium): User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS…
CVE-2024-11922 — CVSS 6.3 (medium): Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with…
CVE-2025-1241 — CVSS 5.8 (medium): Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which…
CVE-2026-0972 — CVSS 5.4 (medium): HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description…
CVE-2026-0971 — CVSS 4.3 (medium): An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected…
CVE-2025-8148 — CVSS 4.2 (medium): An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication…
CVE-2025-0049 — CVSS 3.5 (low): When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes…