CVE-2026-0971 | THREATINT

Description

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page.

PUBLISHED Reserved 2026-01-14 | Published 2026-04-21 | Updated 2026-04-21 | Assigner Fortra

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Problem types

CWE-613 Insufficient session expiration

Product status

Default status

unaffected

Any version before 7.10.0

affected

References

fortra.com/security/advisories/product-security/fi-2025-013

cve.org (CVE-2026-0971)

nvd.nist.gov (CVE-2026-0971)

Download JSON