SecAlerts
CVE ListPricingSign Up
fortra logo

fortra

Security Risk Profile

37
/100
low

Security Risk Score

Comprehensive risk assessment based on 42 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from September 22, 2022 to present

42
Total CVEs
13
Critical+High
10
Exploited
3
Unpatched

Threat Assessment

Avg CVSS
6.9
Base severity
Avg EPSS
4%
Exploit probability
Unpatched
3
Critical/High
Risk Level
37/100
low
⚠️ 10 Active Exploits 6 Zero-Days

Severity Distribution

Critical
7
High
6
Medium
18
Low
0

Exploit Likelihood

>50% chance
1
20-50%
0
5-20%
0
<5%
12

Age Distribution

Common Weaknesses (CWE)

1
XSS
3
2
SQL Injection
3
3
Command Injection
2
4
Input Validation
2
5
Infoleak
2

Most Affected Products

1. Fortra GoAnywhere MFT29
2. Fortra Goanywhere Managed File Transfer15
3. Fortra FileCatalyst Workflow12
4. HelpSystems Cobalt Strike3
5. Fortra GoAnywhere Agents2

Recent Vulnerabilities

See more →
CVE-2026-1089
CVSS 6.5medium

User‑Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups

4/21/2026
CVE-2026-0972
CVSS 5.4medium

HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT

4/21/2026
CVE-2026-0971
CVSS 4.3medium

GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout

4/21/2026
CVE-2025-14362
CVSS 7.3high

GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances

4/21/2026
CVE-2025-1241
CVSS 5.8medium

Encryption vulnerable to brute-force decryption in GoAnywhere MFT

4/21/2026
CVE-2025-13532
CVSS 6.2medium

Weak Password Hash in Core Privileged Access Manager (BoKS)

12/16/2025
CVE-2025-8148
CVSS 4.2medium

Improper Access Control in SFTP service of GoAnywhere MFT

12/5/2025
https://www.bleepingcomputer.com/news/security/microsoft-critical-goanywhere-bug-exploited-in-ransomware-attacks/
unknown

Microsoft: Critical GoAnywhere bug exploited in ransomware attacks

10/6/2025⚠ Exploited⚡ Zero-Day🔧 No Patch
https://www.theregister.com/2025/09/26/an_apts_playground_goanywhere_perfect10/
unknown

‘An attacker's playground:’ Crims exploit GoAnywhere perfect-10 bug

9/26/2025⚠ Exploited🔧 No Patch
https://www.bleepingcomputer.com/news/security/maximum-severity-goanywhere-mft-flaw-exploited-as-zero-day/
unknown

Maximum severity GoAnywhere MFT flaw exploited as zero day

9/26/2025⚠ Exploited⚡ Zero-Day🔧 No Patch

Monitor fortra in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

fortra Security Vulnerabilities & Risk Score | 42 CVEs | SecAlerts - SecAlerts