CVE-2026-0971

Summary

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page.

Affected Software

VendorProductVersion RangeStatus
FortraGoAnywhere MFT0 < 7.10.0affected

Weaknesses

  • CWE-613: CWE-613 Insufficient session expiration

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References