CVE-2026-0971

EUVD-2026-24128
An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
fortragoanywhere_managed_file_transfer
𝑥
< 7.10.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fortra.com/security/advisories/product-security/fi-2025-013