Home

Description

Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.

PUBLISHED Reserved 2026-03-26 | Published 2026-04-08 | Updated 2026-04-08 | Assigner jpcert




CRITICAL: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

Code injection

Product status

9.1.0 and earlier
affected

9.0.6 and earlier
affected

8.8.2 and earlier
affected

8.0.9 and earlier
affected

9.1.0 and earlier
affected

9.0.6 and earlier
affected

8.8.2 and earlier
affected

8.0.9 and earlier
affected

9.1.0 and earlier
affected

9.0.6 and earlier
affected

9.1.0 and earlier
affected

9.0.6 and earlier
affected

2.14 and earlier
affected

2.14 and earlier
affected

2.14 and earlier
affected

5.1 to 5.18
affected

5.2
affected

5.2.1 to 5.2.13
affected

6.0
affected

6.0.1 to 6.8.8
affected

7 r.4207 to r.5510
affected

8.4.0 to 8.4.4
affected

1.0 to 1.68
affected

References

movabletype.org/news/2026/04/mt-907-released.html

www.sixapart.jp/movabletype/news/2026/04/08-1100.html

jvn.jp/en/jp/JVN66473735/

cve.org (CVE-2026-25776)

nvd.nist.gov (CVE-2026-25776)

Download JSON