Fortra GoAnywhere Managed File Transfer


By the Year

In 2026 there have been 0 vulnerabilities in Fortra GoAnywhere Managed File Transfer. Last year, in 2025, GoAnywhere Managed File Transfer had 2 security vulnerabilities published. Right now, GoAnywhere Managed File Transfer is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 2 4.85
2024 3 7.60
2023 1 7.20

It may take a day or so for new GoAnywhere Managed File Transfer vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Fortra GoAnywhere Managed File Transfer Security Vulnerabilities

GoAnywhere up to 7.7: Path Leak via Invalid File Upload
CVE-2025-0049 4.3 - Medium - April 28, 2025

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path, which may allow fuzzing for application mapping. This issue affects GoAnywhere versions before 7.8.0.

Generation of Error Message Containing Sensitive Information

GoAnywhere MFT 7.7 Web Client XSS via email HTML/JS injection
CVE-2024-11922 5.4 - Medium - April 28, 2025

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email.

XSS

Auth Bypass in GoAnywhere MFT <7.6.0 Agent Console
CVE-2024-25157 6.5 - Medium - August 14, 2024

An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification.

Authentication

GoAnywhere MFT <7.4.2 Path Traversal bypassing endpoint permissions
CVE-2024-25156 6.5 - Medium - March 14, 2024

A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients.

Directory traversal

GoAnywhere MFT <7.4.1 Auth Bypass: Admin Creation via Portal
CVE-2024-0204 9.8 - Critical - January 22, 2024

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.

forced browsing

Pre-auth Cmd Injection in Fortra GoAnywhere MFT pre-7.1.2
CVE-2023-0669 7.2 - High - February 06, 2023

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

Marshaling, Unmarshaling
