Fortra® Security & Trust Center

Blog

Fortra Patch Priority Index for April 2026

By Lane Thames on Tue, 05/19/2026

Get the latest Patch Priority Index from Fortra which highlights critical Microsoft and Google vulnerabilities, covering Edge, Office, Windows, .NET, and key server components.

Blog

Agentic AI's Affordability Gap Is a Security Problem

By Josh Taylor on Mon, 05/18/2026

The first agentic SOC products entering trial or are in early access phases are already metering investigations by token consumption and rate-limiting how many an organization can run per hour. Enterprise buyers can absorb this. Mid-market companies, public sector agencies, and critical infrastructure operators running lean security programs cannot, and they face the same threat landscape.

Blog

May 2026 Patch Tuesday Analysis

By Tyler Reguly on Tue, 05/12/2026

This Patch Tuesday Analysis addresses Microsoft’s April 2026 Security Updates. Fortra Intelligence and Research Experts are actively working on coverage for these vulnerabilities.

Blog

BEC Global Insights Report: April 2026

By JT Newby on Mon, 05/11/2026

Discover key April 2026 BEC threat insights from Fortra Intelligence & Research Experts (FIRE), including a 151% surge in attack volume, increased cryptocurrency scams, advanced fee fraud trends, rising wire transfer requests, and evolving email tactics used by cybercriminals.

Emerging Threats

Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal

Wed, 05/06/2026

Fortra is actively researching a critical vulnerability, CVE-2026-0300, that could allow attackers to execute arbitrary code with root privileges on affected Palo Alto Networks PAN-OS devices. CVE-2026-0300 is an unauthenticated user initiated buffer overflow vulnerability in the PAN-OS User-ID™ Authentication Portal service.

Security Advisory

HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT

Wed, 04/22/2026

HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing.

Security Advisory

GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances

Tue, 04/21/2026

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force.

Security Advisory

GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout

Tue, 04/21/2026

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page.

Security Advisory

User‑Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups

Tue, 04/21/2026

User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure.

Security Advisory

Encryption vulnerable to brute-force decryption in GoAnywhere MFT

Tue, 04/21/2026

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data.

Fortra® Security & Trust Center

Fortra Patch Priority Index for April 2026

Agentic AI's Affordability Gap Is a Security Problem

May 2026 Patch Tuesday Analysis

BEC Global Insights Report: April 2026

Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal

HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT

GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances

GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout

User‑Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups

Encryption vulnerable to brute-force decryption in GoAnywhere MFT

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Fortra AI Use

Impressum