vulnerability
GoAnywhere MFT: Authentication Bypass (CVE-2024-0204)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jan 22, 2024 | Jan 24, 2024 | Aug 19, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Jan 22, 2024
Added
Jan 24, 2024
Modified
Aug 19, 2025
Description
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
Solution
goanywhere-cve-2024-0204
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.