CVE-2026-0971: GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout
Published Apr 21, 2026
·Updated
An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page.
Affected Software
2 affected components
Fortra GoAnywhere MFT<7.10.0
Fortra Goanywhere Managed File Transfer<7.10.0
Remediation
Information
Update to version 7.10.0 or higher of GoAnywhere MFT
Event History
Apr 21, 2026
CVE Published
via MITRE·02:14 PM
Data Sourced
via MITRE·02:14 PM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·03:16 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2026-0971?
CVE-2026-0971 is classified as a high severity vulnerability due to its potential impact on session management.
2
How do I fix CVE-2026-0971?
To fix CVE-2026-0971, upgrade your Fortra GoAnywhere MFT software to version 7.10.0 or later.
3
What type of systems are affected by CVE-2026-0971?
CVE-2026-0971 affects GoAnywhere MFT deployments configured with SAML authentication prior to version 7.10.0.
4
What is the main issue caused by CVE-2026-0971?
The main issue caused by CVE-2026-0971 is that users are redirected to an incorrect login page after a session timeout.
5
Who is the vendor of the software affected by CVE-2026-0971?
The vendor of the affected software is Fortra, specifically their GoAnywhere MFT product.