Primary

Context

Fortra GoAnywhere MFT SFTP Brute Force Vulnerability

Vulnerability

Patched

A vulnerability exists in Fortra's GoAnywhere MFT SFTP service in versions prior to 7.10.0. The issue arises because the login limit is not enforced for Web Users configured to authenticate using SSH keys. This lack of restriction allows for brute force attacks to guess the SSH keys.

Impact

Exploitation of this vulnerability could lead to successful brute force attacks on SSH key authentication, potentially allowing unauthorized access.

Remediation

Users are advised to upgrade to GoAnywhere MFT version 7.10.0 or later, where this vulnerability has been addressed.

Added: Apr 21, 2026, 4:05 PM

Updated: Apr 21, 2026, 4:05 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.3

exploitability

6.8

remediation

7.7

relevance

6.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.3

exploitability

6.8

remediation

7.7

relevance

6.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortra GoAnywhere MFT SFTP Brute Force Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Fortra GoAnywhere MFT

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating