vulnerability

Fortra GoAnywhere MFT: CVE-2021-46830: Improper Limitation of a Pathname to a Restricted Directory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:C/I:N/A:N)	Jul 27, 2022	Aug 19, 2025	Aug 19, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:N/A:N)

Published

Jul 27, 2022

Added

Aug 19, 2025

Modified

Aug 19, 2025

Description

A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended.

Solution

fortra-goanywhere-mft-upgrade-latest

References

CWE-22
CVE-2021-46830
https://attackerkb.com/topics/CVE-2021-46830
URL-https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml
URL-https://www.goanywhere.com/support/advisory/68x
URL-https://www.goanywhere.com/support/release-notes/mft?limit=0

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today