GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout

FI-2026-003 - GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout

Severity

Medium

Published Date

21-Apr-2026

Updated Date

21-Apr-2026

Vulnerabilities

CVE-2026-0971

Notes

Description

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page.

Vulnerabilities

GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout

Severity

Medium

CVE

CVE-2026-0971

CWE

CWE-613: Insufficient session expiration

Discovery Date

17-Nov-2023

CSSv3.1

4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/A:N)

Affected Products

GoAnywhere MFT

Vulnerability Notes

Remediation: Vendor Fix

Update to version 7.10.0 or higher of GoAnywhere MFT

References

(https://www.cve.org/cverecord?id=CVE-2026-0971)

GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout

FI-2026-003 - GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout

Notes

Vulnerabilities

Vulnerability Notes

References

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Fortra AI Use

Impressum