Primary

Context

Fortra GoAnywhere MFT User-Controlled HTTP Header Vulnerability Allowing DNS Lookup, DNS Rebinding, and Information Disclosure

Vulnerability

A vulnerability in Fortra's GoAnywhere MFT, prior to version 7.10.0, allows attackers to manipulate HTTP headers to initiate a DNS lookup. This issue also facilitates DNS rebinding attacks and could lead to unauthorized information disclosure.

Impact

Exploitation of this vulnerability could result in DNS lookups being triggered by the application, potentially allowing for DNS rebinding attacks, which could be used to bypass the same-origin policy in web browsers. Additionally, the vulnerability could lead to unauthorized information disclosure.

Remediation

Users are advised to update to Fortra GoAnywhere MFT version 7.10.0 or later.

Added: Apr 21, 2026, 3:39 PM

Updated: Apr 21, 2026, 3:39 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.0

exploitability

7.6

remediation

0.0

relevance

6.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.0

exploitability

7.6

remediation

0.0

relevance

6.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortra GoAnywhere MFT User-Controlled HTTP Header Vulnerability Allowing DNS Lookup, DNS Rebinding, and Information Disclosure

Vulnerability

Impact

Remediation

Affected Products

Fortra GoAnywhere MFT

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating