Vulnerability-Lookup

Affected: 9.1.0 and earlier

Six Apart Ltd.	Movable Type	Affected: 9.0.6 and earlier
Six Apart Ltd.	Movable Type	Affected: 8.8.2 and earlier
Six Apart Ltd.	Movable Type	Affected: 8.0.9 and earlier
Six Apart Ltd.	Movable Type Advanced	Affected: 9.1.0 and earlier
Six Apart Ltd.	Movable Type Advanced	Affected: 9.0.6 and earlier
Six Apart Ltd.	Movable Type Advanced	Affected: 8.8.2 and earlier
Six Apart Ltd.	Movable Type Advanced	Affected: 8.0.9 and earlier
Six Apart Ltd.	Movable Type Premium	Affected: 9.1.0 and earlier
Six Apart Ltd.	Movable Type Premium	Affected: 9.0.6 and earlier
Six Apart Ltd.	Movable Type Premium Advanced Edition	Affected: 9.1.0 and earlier
Six Apart Ltd.	Movable Type Premium Advanced Edition	Affected: 9.0.6 and earlier
Six Apart Ltd.	Movable Type Premium	Affected: 2.14 and earlier
Six Apart Ltd.	Movable Type Premium Advanced Edition	Affected: 2.14 and earlier
Six Apart Ltd.	Movable Type Premium (MT8-based)	Affected: 2.14 and earlier
Six Apart Ltd.	Movable Type	Affected: 5.1 to 5.18
Six Apart Ltd.	Movable Type	Affected: 5.2 Affected: 5.2.1 to 5.2.13
Six Apart Ltd.	Movable Type	Affected: 6.0 Affected: 6.0.1 to 6.8.8
Six Apart Ltd.	Movable Type	Affected: 7 r.4207 to r.5510
Six Apart Ltd.	Movable Type	Affected: 8.4.0 to 8.4.4
Six Apart Ltd.	Movable Type	Affected: 1.0 to 1.68

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33088",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-08T13:31:00.450725Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-08T13:31:08.213Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.0 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.6 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "8.8.2 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.9 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Advanced",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.0 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Advanced",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.6 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Advanced",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "8.8.2 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Advanced",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.9 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.0 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.6 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium Advanced Edition",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.0 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium Advanced Edition",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.6 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.14 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium Advanced Edition",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.14 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium (MT8-based)",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.14 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "5.1 to 5.18"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "status": "affected",
              "version": "5.2.1 to 5.2.13"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1 to 6.8.8"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "7 r.4207 to r.5510"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "8.4.0 to 8.4.4"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "1.0 to 1.68"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL statement."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "Improper neutralization of special elements used in an SQL command (\u0027SQL Injection\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T08:51:45.916Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://movabletype.org/news/2026/04/mt-907-released.html"
        },
        {
          "url": "https://www.sixapart.jp/movabletype/news/2026/04/08-1100.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN66473735/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2026-33088",
    "datePublished": "2026-04-08T08:51:45.916Z",
    "dateReserved": "2026-03-26T01:06:13.982Z",
    "dateUpdated": "2026-04-08T13:31:08.213Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25776 (GCVE-0-2026-25776)

Vulnerability from nvd – Published: 2026-04-08 08:52 – Updated: 2026-04-08 13:22

Summary

Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-94 - Code injection

Assigner

jpcert

References

URL

Tags

	https://movabletype.org/news/2026/04/mt-907-relea…
	https://www.sixapart.jp/movabletype/news/2026/04/…
	https://jvn.jp/en/jp/JVN66473735/

Impacted products

Vendor

Product

Version

Affected: 9.1.0 and earlier

Six Apart Ltd.	Movable Type	Affected: 9.0.6 and earlier
Six Apart Ltd.	Movable Type	Affected: 8.8.2 and earlier
Six Apart Ltd.	Movable Type	Affected: 8.0.9 and earlier
Six Apart Ltd.	Movable Type Advanced	Affected: 9.1.0 and earlier
Six Apart Ltd.	Movable Type Advanced	Affected: 9.0.6 and earlier
Six Apart Ltd.	Movable Type Advanced	Affected: 8.8.2 and earlier
Six Apart Ltd.	Movable Type Advanced	Affected: 8.0.9 and earlier
Six Apart Ltd.	Movable Type Premium	Affected: 9.1.0 and earlier
Six Apart Ltd.	Movable Type Premium	Affected: 9.0.6 and earlier
Six Apart Ltd.	Movable Type Premium Advanced Edition	Affected: 9.1.0 and earlier
Six Apart Ltd.	Movable Type Premium Advanced Edition	Affected: 9.0.6 and earlier
Six Apart Ltd.	Movable Type Premium	Affected: 2.14 and earlier
Six Apart Ltd.	Movable Type Premium Advanced Edition	Affected: 2.14 and earlier
Six Apart Ltd.	Movable Type Premium (MT8-based)	Affected: 2.14 and earlier
Six Apart Ltd.	Movable Type	Affected: 5.1 to 5.18
Six Apart Ltd.	Movable Type	Affected: 5.2 Affected: 5.2.1 to 5.2.13
Six Apart Ltd.	Movable Type	Affected: 6.0 Affected: 6.0.1 to 6.8.8
Six Apart Ltd.	Movable Type	Affected: 7 r.4207 to r.5510
Six Apart Ltd.	Movable Type	Affected: 8.4.0 to 8.4.4
Six Apart Ltd.	Movable Type	Affected: 1.0 to 1.68

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25776",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-08T13:21:57.431441Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-08T13:22:04.832Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.0 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.6 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "8.8.2 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.9 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Advanced",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.0 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Advanced",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.6 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Advanced",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "8.8.2 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Advanced",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.9 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.0 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.6 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium Advanced Edition",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.0 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium Advanced Edition",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.6 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.14 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium Advanced Edition",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.14 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium (MT8-based)",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.14 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "5.1 to 5.18"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "status": "affected",
              "version": "5.2.1 to 5.2.13"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1 to 6.8.8"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "7 r.4207 to r.5510"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "8.4.0 to 8.4.4"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "1.0 to 1.68"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Code injection",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T08:52:15.469Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://movabletype.org/news/2026/04/mt-907-released.html"
        },
        {
          "url": "https://www.sixapart.jp/movabletype/news/2026/04/08-1100.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN66473735/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2026-25776",
    "datePublished": "2026-04-08T08:52:15.469Z",
    "dateReserved": "2026-03-26T01:06:12.957Z",
    "dateUpdated": "2026-04-08T13:22:04.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25776 (GCVE-0-2026-25776)

Vulnerability from cvelistv5 – Published: 2026-04-08 08:52 – Updated: 2026-04-08 13:22

Summary

Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-94 - Code injection

Assigner

jpcert

References

URL

Tags

	https://movabletype.org/news/2026/04/mt-907-relea…
	https://www.sixapart.jp/movabletype/news/2026/04/…
	https://jvn.jp/en/jp/JVN66473735/

Impacted products

Vendor

Product

Version

Affected: 9.1.0 and earlier

Six Apart Ltd.	Movable Type	Affected: 9.0.6 and earlier
Six Apart Ltd.	Movable Type	Affected: 8.8.2 and earlier
Six Apart Ltd.	Movable Type	Affected: 8.0.9 and earlier
Six Apart Ltd.	Movable Type Advanced	Affected: 9.1.0 and earlier
Six Apart Ltd.	Movable Type Advanced	Affected: 9.0.6 and earlier
Six Apart Ltd.	Movable Type Advanced	Affected: 8.8.2 and earlier
Six Apart Ltd.	Movable Type Advanced	Affected: 8.0.9 and earlier
Six Apart Ltd.	Movable Type Premium	Affected: 9.1.0 and earlier
Six Apart Ltd.	Movable Type Premium	Affected: 9.0.6 and earlier
Six Apart Ltd.	Movable Type Premium Advanced Edition	Affected: 9.1.0 and earlier
Six Apart Ltd.	Movable Type Premium Advanced Edition	Affected: 9.0.6 and earlier
Six Apart Ltd.	Movable Type Premium	Affected: 2.14 and earlier
Six Apart Ltd.	Movable Type Premium Advanced Edition	Affected: 2.14 and earlier
Six Apart Ltd.	Movable Type Premium (MT8-based)	Affected: 2.14 and earlier
Six Apart Ltd.	Movable Type	Affected: 5.1 to 5.18
Six Apart Ltd.	Movable Type	Affected: 5.2 Affected: 5.2.1 to 5.2.13
Six Apart Ltd.	Movable Type	Affected: 6.0 Affected: 6.0.1 to 6.8.8
Six Apart Ltd.	Movable Type	Affected: 7 r.4207 to r.5510
Six Apart Ltd.	Movable Type	Affected: 8.4.0 to 8.4.4
Six Apart Ltd.	Movable Type	Affected: 1.0 to 1.68

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25776",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-08T13:21:57.431441Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-08T13:22:04.832Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.0 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.6 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "8.8.2 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.9 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Advanced",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.0 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Advanced",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.6 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Advanced",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "8.8.2 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Advanced",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.9 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.0 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.6 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium Advanced Edition",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.0 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium Advanced Edition",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.6 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.14 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium Advanced Edition",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.14 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium (MT8-based)",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.14 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "5.1 to 5.18"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "status": "affected",
              "version": "5.2.1 to 5.2.13"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.0.1 to 6.8.8"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "7 r.4207 to r.5510"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "8.4.0 to 8.4.4"
            }
          ]
        },
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "1.0 to 1.68"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Code injection",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T08:52:15.469Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://movabletype.org/news/2026/04/mt-907-released.html"
        },
        {
          "url": "https://www.sixapart.jp/movabletype/news/2026/04/08-1100.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN66473735/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2026-25776",
    "datePublished": "2026-04-08T08:52:15.469Z",
    "dateReserved": "2026-03-26T01:06:12.957Z",
    "dateUpdated": "2026-04-08T13:22:04.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33088 (GCVE-0-2026-33088)

Vulnerability from cvelistv5 – Published: 2026-04-08 08:51 – Updated: 2026-04-08 13:31

Summary

Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL statement.

Severity ?

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

CWE

CWE-89 - Improper neutralization of special elements used in an SQL command ('SQL Injection')

Assigner

jpcert

References

URL

Tags

	https://movabletype.org/news/2026/04/mt-907-relea…
	https://www.sixapart.jp/movabletype/news/2026/04/…
	https://jvn.jp/en/jp/JVN66473735/

Impacted products

Vendor

Product

Version

Affected: 9.1.0 and earlier

Six Apart Ltd.	Movable Type	Affected: 9.0.6 and earlier
Six Apart Ltd.	Movable Type	Affected: 8.8.2 and earlier
Six Apart Ltd.	Movable Type	Affected: 8.0.9 and earlier
Six Apart Ltd.	Movable Type Advanced	Affected: 9.1.0 and earlier
Six Apart Ltd.	Movable Type Advanced	Affected: 9.0.6 and earlier
Six Apart Ltd.	Movable Type Advanced	Affected: 8.8.2 and earlier
Six Apart Ltd.	Movable Type Advanced	Affected: 8.0.9 and earlier
Six Apart Ltd.	Movable Type Premium	Affected: 9.1.0 and earlier
Six Apart Ltd.	Movable Type Premium	Affected: 9.0.6 and earlier
Six Apart Ltd.	Movable Type Premium Advanced Edition	Affected: 9.1.0 and earlier
Six Apart Ltd.	Movable Type Premium Advanced Edition	Affected: 9.0.6 and earlier
Six Apart Ltd.	Movable Type Premium	Affected: 2.14 and earlier
Six Apart Ltd.	Movable Type Premium Advanced Edition	Affected: 2.14 and earlier
Six Apart Ltd.	Movable Type Premium (MT8-based)	Affected: 2.14 and earlier
Six Apart Ltd.	Movable Type	Affected: 5.1 to 5.18
Six Apart Ltd.	Movable Type	Affected: 5.2 Affected: 5.2.1 to 5.2.13
Six Apart Ltd.	Movable Type	Affected: 6.0 Affected: 6.0.1 to 6.8.8
Six Apart Ltd.	Movable Type	Affected: 7 r.4207 to r.5510
Six Apart Ltd.	Movable Type	Affected: 8.4.0 to 8.4.4
Six Apart Ltd.	Movable Type	Affected: 1.0 to 1.68

Show details on NVD website