CVE-2026-1089

216.73.216.36

· Published 21/04/2026 15:16 · Modified 21/04/2026 16:20

Labels: CVE-2026-1089 2026-04-21 CVE-2026-1089 CWE-74 df4dee71-de3a-4139-9588-11b62fe6c0ff

Essential information

Published: 21/04/2026 15:16
Modified: 21/04/2026 16:20
Author: —
Creator: —
CVSS: 6.5 MEDIUM (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CVSS metrics

Description

User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure.

NVD status

Status: Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: df4dee71-de3a-4139-9588-11b62fe6c0ff
NVD: View on NVD

Affected products (CPE)

Product	CPE
fortra / goanywhere mft	`cpe:2.3:a:fortra:goanywhere_mft:<7.10.0::::::`