CVE-2026-0972
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0.
Note: The title, details, and description of this CVE were corrected post-publishing.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Fortra | GoAnywhere MFT | 0 < 7.10.0 | affected |
Weaknesses
- CWE-74: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Workarounds
Reduce access to the system.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.