This vulnerability (CWE-74) in Fortra GoAnywhere MFT allows an attacker to manipulate user-controlled HTTP headers to cause the application to perform unintended DNS lookups. This can lead to DNS rebinding attacks and potential information disclosure. The issue affects versions prior to 7.10.0. The CVSS 3.1 base score is 6.5, reflecting network attack vector, low attack complexity, no privileges or user interaction required, with limited confidentiality and availability impact. No official patch or remediation guidance has been provided by the vendor as of the published date.

An attacker can exploit this vulnerability remotely without authentication or user interaction to trigger DNS lookups and potentially perform DNS rebinding attacks, which may lead to information disclosure and limited availability impact. The confidentiality impact is low, and integrity impact is not affected. There are no known exploits in the wild currently.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is published, users should monitor Fortra's advisories for updates. Until a patch is available, consider restricting or validating HTTP header inputs where possible to mitigate exploitation risk.