CVE-2026-0972

· NIST NVD ↗

HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing.

MEDIUM
CVSS severity
5.4
CVSS base score
2026-04-21
Published

CWE codes

CWE-74

Affected products

fortra:goanywhere_managed_file_transfer

Sources