CVE-2026-1089

· NIST NVD ↗

User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure.

MEDIUM
CVSS severity
6.5
CVSS base score
2026-04-21
Published

CWE codes

CWE-74

Affected products

fortra:goanywhere_managed_file_transfer

Sources