CVE-2024-0204

CRITICAL EXPLOITED NUCLEI

Fortra GoAnywhere MFT Unauthenticated Remote Code Execution

Title source: metasploit

Exploitation Summary

CVE-2024-0204 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 8 public exploits from researchers including İbrahimsql, horizon3ai and cbeek-r7; among them is a Metasploit module, exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates an authentication bypass vulnerability in Fortra GoAnywhere MFT versions prior to 7.4.1 by leveraging path traversal to access the initial account setup wizard, allowing unauthenticated attackers to create an administrator account.

Description

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.

Exploits (8)

exploitdb WORKING POC
by İbrahimsql · python · remote · multiple
https://www.exploit-db.com/exploits/52308

This exploit demonstrates an authentication bypass vulnerability in Fortra GoAnywhere MFT versions prior to 7.4.1 by leveraging path traversal to access the initial account setup wizard, allowing unauthenticated attackers to create an administrator account.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Fortra GoAnywhere MFT < 7.4.1
No auth needed
Prerequisites: Network access to the target GoAnywhere MFT instance
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 65 stars
by horizon3ai · remote
https://github.com/horizon3ai/CVE-2024-0204

The repository contains a functional Python script that exploits an authentication bypass vulnerability in GoAnywhere MFT by creating a new admin user via a crafted HTTP request. The exploit leverages a path traversal flaw to access the initial account setup page and bypasses authentication checks.

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Fortra GoAnywhere MFT
No auth needed
Prerequisites: Network access to the GoAnywhere MFT web interface · Target system running a vulnerable version of GoAnywhere MFT
devstral-2 · analyzed Feb 18, 2026

nomisec SCANNER 4 stars
by cbeek-r7 · infoleak
https://github.com/cbeek-r7/CVE-2024-0204

This script scans for CVE-2024-0204 by checking if the GoAnywhere endpoint '/goanywhere/images/..;/wizard/InitialAccountSetup.xhtml' returns a 200 status code, indicating vulnerability. It does not exploit the vulnerability but detects its presence.

Classification: Scanner 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: GoAnywhere MFT
No auth needed
Prerequisites: Network access to the target GoAnywhere instance
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 2 stars
by ibrahmsql · remote
https://github.com/ibrahmsql/CVE-2024-0204

This repository contains a functional Python exploit for CVE-2024-0204, an authentication bypass vulnerability in Fortra GoAnywhere MFT versions prior to 7.4.1. The exploit leverages path traversal to access the initial account setup wizard and create an administrator account.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Fortra GoAnywhere MFT < 7.4.1
No auth needed
Prerequisites: Network access to the target GoAnywhere MFT instance
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 2 stars
by m-cetin · remote
https://github.com/m-cetin/CVE-2024-0204

This repository contains a functional exploit for CVE-2024-0204, an authentication bypass vulnerability in Fortra GoAnywhere MFT. The exploit leverages path traversal to access the InitialAccountSetup.xhtml endpoint and create an administrative user without authentication.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Fortra GoAnywhere MFT
No auth needed
Prerequisites: Network access to the target GoAnywhere MFT instance
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 1 star
by adminlove520 · remote
https://github.com/adminlove520/CVE-2024-0204

This repository contains a functional exploit for CVE-2024-0204, an authentication bypass vulnerability in GoAnywhere MFT. The script creates a new admin user by exploiting a path traversal flaw in the InitialAccountSetup.xhtml endpoint.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: GoAnywhere MFT
No auth needed
Prerequisites: Network access to the GoAnywhere MFT endpoint
devstral-2 · analyzed Feb 18, 2026

vulncheck_xdb WORKING POC
remote
https://github.com/YUUKI4O4/POC

The repository contains a functional exploit for CVE-2023-49442, targeting JEECG's jeecgFormDemoController interface. The exploit leverages path traversal to bypass authentication and FastJSON deserialization for remote code execution via JNDI injection.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: JEECG (versions 4.0 and earlier)
No auth needed
Prerequisites: VPS with JNDIExploit-1.4-SNAPSHOT.jar · Python HTTP server for payload hosting
devstral-2 · analyzed Feb 25, 2026

metasploit WORKING POC EXCELLENT
by sfewer-r7, James Horseman, Zach Hanley · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb

This Metasploit module exploits CVE-2024-0204, an authentication bypass in Fortra GoAnywhere MFT, to create an admin account and achieve RCE via JSP payload upload. It leverages a path traversal technique to access the InitialAccountSetup endpoint.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Fortra GoAnywhere MFT versions 6.x from 6.0.1, and 7.x before 7.4.1
No auth needed
Prerequisites: Network access to the target's web interface (port 8001/SSL)
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Fortra GoAnywhere MFT - Authentication Bypass
CRITICAL · VERIFIED · by DhiyaneshDK
Shodan: http.favicon.hash:1484947000,1828756398,1170495932 || http.favicon.hash:1484947000
FOFA: app="GoAnywhere-MFT" || icon_hash=1484947000 || icon_hash=1484947000,1828756398,1170495932 || app="goanywhere-mft"

Scores

CVSS v3: 9.8
EPSS: 0.9509
EPSS Percentile: 99.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

VulnCheck KEV: 2024-01-25
CWE: CWE-425
Status: published
Products (2):
fortra/goanywhere_managed_file_transfer 6.0.0
fortra/goanywhere_managed_file_transfer 7.0.0 - 7.4.1
Published: Jan 22, 2024
Tracked Since: Feb 18, 2026