CVE-2026-1089
Published 2026-04-21
CVE-2026-1089: User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and…
Priority P4 · 32 · medium · 6.5 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:L
EPSS: 0.23% (13.5th percentile)
User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortra | goanywhere_managed_file_transfer | < 7.10.0 | 7.10.0 |
| fortra | goanywhere_mft | < 7.10.0 | 7.10.0 |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
vendor_redhat · 7.8 HIGH
GHSA
GHSA-6x5f-r479-qh4p: User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7
ghsa_unreviewed·2026-04-21
CVE-2026-1089 [MEDIUM] CWE-74 GHSA-6x5f-r479-qh4p: User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7
User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure.
Red Hat
kernel: apparmor: Fix double free of ns_name in aa_replace_profiles()
vendor_redhat·2026-04-01·CVSS 7.8
CVE-2026-23408 [HIGH] CWE-1341 kernel: apparmor: Fix double free of ns_name in aa_replace_profiles()
In the Linux kernel, the following vulnerability has been resolved:
apparmor: Fix double free of ns_name in aa_replace_profiles()
if ns_name is NULL after

    1071   error = aa_unpack(udata, &lh, &ns_name);

and if ent->ns_name contains an ns_name in

    1089   } else if (ent->ns_name) {

then ns_name is assigned the ent->ns_name

    1095   ns_name = ent->ns_name;

however ent->ns_name is freed at

    1262   aa_load_ent_free(ent);

and then again when freeing ns_name at

    1270   kfree(ns_name);

Fix this by NULLing out ent->ns_name after it is transferred to ns_name
A flaw was found in AppArmor within the Linux kernel. This vulnerability involves a double free of the `ns_name` variable in the `aa_replace_profiles()` function. This can occur when `n
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-04-21