Goanywhere MFT — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in Goanywhere MFT, with AI-generated Chinese analysis, references, and POCs.

Vendor: Fortra

CVE ID	Title	CVSS	Severity	Published
CVE-2026-1089	User‑Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups CWE-74	6.5	Medium	2026-04-21
CVE-2026-0972	HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT CWE-74	5.4	Medium	2026-04-21
CVE-2026-0971	GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout CWE-613	4.3	Medium	2026-04-21
CVE-2025-14362	GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances CWE-307	7.3	High	2026-04-21
CVE-2025-1241	Encryption vulnerable to brute-force decryption in GoAnywhere MFT CWE-326	5.8	Medium	2026-04-21
CVE-2025-8148	CVE-2025-8148 Improper Access Control in SFTP service of GoAnywhere MFT CWE-732	4.2	Medium	2025-12-05
CVE-2025-10035	Deserialization Vulnerability in GoAnywhere MFT's License Servlet CWE-77	10.0	Critical	2025-09-18
CVE-2025-3871	Broken Access Control Leads to Limited Denial of Service in GoAnywhere MFT 7.8.0 and earlier CWE-862	5.3	Medium	2025-07-16
CVE-2024-11922	Input Validation vulnerability in Web Client emails that do not go through Secure Mail CWE-79	6.3	Medium	2025-04-28
CVE-2024-9945	Limited Information Disclosure in GoAnywhere MFT Prior to 7.7.0 CWE-200	5.3	Medium	2024-12-13
CVE-2024-25157	Authentication bypass in GoAnywhere MFT prior to 7.6.0 CWE-303	6.5	Medium	2024-08-14
CVE-2024-25156	Path traversal in GoAnywhere MFT 7.4.1 and Earlier CWE-22	6.5	Medium	2024-03-14
CVE-2024-0204	Authentication Bypass in GoAnywhere MFT CWE-425	9.8	Critical	2024-01-22
CVE-2023-0669	Fortra GoAnywhere MFT License Response Servlet Command Injection CWE-502	8.8	-	2023-02-06

All 14 known CVE vulnerabilities affecting Goanywhere MFT with full Chinese analysis, references, and POCs where available.