← back
CVE-2026-0971

GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout

CVSS 4.3 MEDIUMEPSS 0.2%CWE-613
An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Affected products
Fortra · GoAnywhere MFT

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://fortra.com/security/advisories/product-security/fi-2025-013