CRITICALCVE-2026-25776Published Modified CNA jpcert
CVE-2026-25776: Movable Type provided by Six Apart Ltd
Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.
Metrics
- CVSS v4.0
- 9.3
- Severity
- CRITICAL
- Fixed in
- —
- Affected Products
- 21
Affected packages
- Six Apart Ltd. / Movable Type9.1.0 and earlier
- Six Apart Ltd. / Movable Type9.0.6 and earlier
- Six Apart Ltd. / Movable Type8.8.2 and earlier
- Six Apart Ltd. / Movable Type8.0.9 and earlier
- Six Apart Ltd. / Movable Type Advanced9.1.0 and earlier
- Six Apart Ltd. / Movable Type Advanced9.0.6 and earlier
- Six Apart Ltd. / Movable Type Advanced8.8.2 and earlier
- Six Apart Ltd. / Movable Type Advanced8.0.9 and earlier
- Six Apart Ltd. / Movable Type Premium9.1.0 and earlier
- Six Apart Ltd. / Movable Type Premium9.0.6 and earlier
- Six Apart Ltd. / Movable Type Premium Advanced Edition9.1.0 and earlier
- Six Apart Ltd. / Movable Type Premium Advanced Edition9.0.6 and earlier
- Six Apart Ltd. / Movable Type Premium2.14 and earlier
- Six Apart Ltd. / Movable Type Premium Advanced Edition2.14 and earlier
- Six Apart Ltd. / Movable Type Premium (MT8-based)2.14 and earlier
- Six Apart Ltd. / Movable Type5.1 to 5.18
- Six Apart Ltd. / Movable Type5.2 · 5.2.1 to 5.2.13
- Six Apart Ltd. / Movable Type6.0 · 6.0.1 to 6.8.8
- Six Apart Ltd. / Movable Type7 r.4207 to r.5510
- Six Apart Ltd. / Movable Type8.4.0 to 8.4.4
- Six Apart Ltd. / Movable Type1.0 to 1.68
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NReferences