GoAnywhere MFT SAML Sessions do not redirect to logout URL...

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Description

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page.

Basic Information

ID CVE-2026-0971

Source Fortra

Published Apr 21, 2026 at 14:14

Affected Product

Vendor Fortra

Product GoAnywhere MFT

Affected Versions Fortra GoAnywhere MFT 0

CWE Classification

CWE-613

References

fortra.com /security/advisories/product-security/fi-2025-013

{
    "lastseen": "",
    "description": "An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page.",
    "published": "2026-04-21T14:14:23.423Z",
    "modified": "2026-04-21T14:14:23.423Z",
    "type": "cve",
    "title": "GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout",
    "source": "Fortra",
    "references": "https://fortra.com/security/advisories/product-security/fi-2025-013",
    "id": "CVE-2026-0971",
    "bulletinFamily": "",
    "cwe": [
        "CWE-613"
    ],
    "cvelist": null,
    "sourceData": "Fortra GoAnywhere MFT 0",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GoAnywhere MFT",
    "version": "0",
    "vendor": "Fortra",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout_CVE-2026-0971