[SBA-ADV-20251120-01] CVE-2026-0972: GoAnywhere MFT Email HTML Injection

Kurzinfo

Veroeffentlicht: 2026-04-29 17:30 UTC Importiert: 2026-05-14 18:44 UTC Quelle-ID: full_disc uid_hash: ea31827de2bbf1a941c48655ec3171127f83811993104ef04ce7791301b389b7
Full Disclosure

Inhalt

Posted by SBA Research Security Advisory via Fulldisclosure on Apr 29 # GoAnywhere MFT Email HTML Injection # Link: https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251120-01_GoAnywhere_MFT_Email_HTML_Injection ## Vulnerability Overview ## GoAnywhere MFT before 7.10.0 is affected by an HTML injection vulnerability in its email templating functionality. If an attacker is able to influence the content of a template variable, malicious HTML can be embedded into outgoing emails generated by the...

Verknuepfte CVEs

CVE-ID Severity (CVE.org) CVSS (CVE.org) EPSS EPSS-% Veroeffentlicht (CVE.org)

CVE-2026-0972

 - - - -

Quellen-Details

Bezeichnung Name Kategorie Tags Zielgruppe Sprache Feed-URL
Full Disclosure

full_disc

 threat_intel - de https://seclists.org/rss/fulldisclosure.rss
Zurueck zur Eintrags-Liste