What is CVE-2026-0971?

CVE-2026-0971 is a medium-severity vulnerability in Fortra Goanywhere Mft, classified under Insufficient Session Expiration. CVSS score: 4.3/10. Published 2026-04-21.

How severe is CVE-2026-0971?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Vulnerability in Fortra Goanywhere Mft

CVE-2026-0971

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page.

EPSS: 0.000 (10.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N.

Affected products

Fortra Goanywhere Mft — versions 0

Weakness classification (CWE)

CWE-613 — Insufficient Session Expiration

References

fortra.com/security/advisories/product-security/fi-2025-013

Frequently asked questions

What is CVE-2026-0971?: CVE-2026-0971 is a medium-severity vulnerability in Fortra Goanywhere Mft, classified under Insufficient Session Expiration. CVSS score: 4.3/10. Published 2026-04-21.
How severe is CVE-2026-0971?: Medium severity. CVSS v3 base score is 4.3 out of 10.