Fortra GoAnywhere MFT: Multiple Vulnerabilities, CVSS 7.3

Summary

CERT-Bund published security advisory WID-SEC-2026-1216 on April 21, 2026, disclosing multiple vulnerabilities in Fortra GoAnywhere MFT (Managed File Transfer) versions prior to 7.10.0. The vulnerabilities carry a CVSS Base Score of 7.3 (high) and a Temporal Score of 6.4 (medium), with remote attack capability confirmed. Affected organizations include any entity running GoAnywhere MFT on Windows, UNIX, or other operating systems that has not applied the vendor patch.

“An attacker can exploit multiple vulnerabilities in Fortra GoAnywhere MFT to disclose information, manipulate data, and bypass security measures.”

Why this matters

Organizations running GoAnywhere MFT below version 7.10.0 should treat this as an immediate remediation priority given the CVSS 7.3 score, confirmed remote attack vector, and the combination of confidentiality, integrity, and availability impacts. Enterprises using GoAnywhere MFT for automated file transfers with trading partners, healthcare systems, or financial institutions should audit their integration logs for indicators of exploitation and coordinate patches through their change-management processes — the product is commonly embedded in managed-file-transfer workflows that cross organizational boundaries.

AI-drafted from the source document, validated against GovPing's analyst note standards. For the primary regulatory language, read the source document.
Published by CERT-Bund on wid.cert-bund.de. Detected, standardized, and enriched by GovPing.

What changed

The advisory identifies that attackers can exploit multiple vulnerabilities in Fortra GoAnywhere MFT to disclose information, manipulate data, and bypass security measures — a triad of impacts spanning confidentiality, integrity, and availability. The CVSS vector indicates remote, unauthenticated exploitation is possible, elevating this above low-severity advisories. Organizations operating GoAnywhere MFT as an enterprise file-transfer or integration platform should immediately verify their installed version and apply vendor-provided patches. The CVSS temporal score drop to 6.4 reflects the availability of mitigation measures and some remediation options in the current release.

What to do next

  1. Upgrade to Fortra GoAnywhere MFT version 7.10.0 or later to address the vulnerabilities.

Archived snapshot

Apr 22, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

[WID-SEC-2026-1216] Fortra GoAnywhere MFT: Multiple Vulnerabilities

  • CVSS Base Score: 7.3 (high)
  • CVSS Temporal Score: 6.4 (medium)
  • Remote attack: yes
  • Date: 21.04.2026
  • Last updated: 22.04.2026
  • Mitigation: yes

Affected systems

Operating system

  • Other
  • UNIX
  • Windows

Product description

GoAnywhere MFT (Managed File Transfer) is a solution for secure and efficient file transfer.

Products

21.04.2026
- Fortra GoAnywhere MFT <7.10.0

Attack

An attacker can exploit multiple vulnerabilities in Fortra GoAnywhere MFT to disclose information, manipulate data, and bypass security measures.

Classification

  • Agency: CERT-Bund
  • Published: April 21st, 2026
  • Instrument: Notice
  • Branch: Executive
  • Source language: de
  • Legal weight: Non-binding
  • Stage: Final
  • Change scope: Substantive

Who this affects

  • Applies to: Technology companies
  • Industry sector: 5112 Software & Technology
  • Activity scope: Vulnerability assessment, Security advisory response, Managed file transfer
  • Geographic scope: Germany (DE)

Taxonomy

  • Primary area: Cybersecurity
  • Operational domain: IT Security
  • Compliance frameworks: NIST CSF
  • Topics: Data Privacy, Consumer Protection, Product Safety
