CVE-2026-0972

CVSS Score & Metrics

Base Score

7.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L                                    

Vulnerability Description

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force.

Vulnerability Details

Published Date

April 21, 2026

Last Modified

April 23, 2026

CWE ID

CWE-307

Source

NVD

Vendor

fortra

Product

goanywhere_managed_file_transfer

External References

https://fortra.com/security/advisories/product-security/fi-2026-004

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment