![AttackFeed by Joe Wagner | [SBA-ADV-20251120-01] CVE-2026-0972: GoAnywhere MFT Email HTML Injection - Full Disclosure](https://attackfeed.com/wp-content/uploads/2026/04/fulldisclosure-img-Gcb2CJ.webp "[SBA-ADV-20251120-01] CVE-2026-0972: GoAnywhere MFT Email HTML Injection")
Posted by SBA Research Security Advisory via Fulldisclosure on Apr 29
# GoAnywhere MFT Email HTML Injection #
## Vulnerability Overview ##
GoAnywhere MFT before 7.10.0 is affected by an HTML injection vulnerability
in its email templating functionality. If an attacker is able to influence
the content of a template variable, malicious HTML can be embedded into
outgoing emails generated by the…
– Read More – Full Disclosure
![AttackFeed by Joe Wagner | [SYSS-2025-011] Linksys MX9600/MX4200 - OS Command Injection - Full Disclosure](https://attackfeed.com/wp-content/uploads/2026/02/fulldisclosure-img-uwBpAe.webp "[SYSS-2025-011] Linksys MX9600/MX4200 – OS Command Injection")
![AttackFeed by Joe Wagner | [SYSS-2025-014] Linksys MX4200 - Improper Verification of Source of a Communication Channel - Full Disclosure](https://attackfeed.com/wp-content/uploads/2026/02/fulldisclosure-img-2ngvbO.webp "[SYSS-2025-014] Linksys MX4200 – Improper Verification of Source of a Communication Channel")
