CVE-2026-24447

If a malformed data is input to the affected product, a CSV file downloaded from the affected product may contain such malformed data. When a victim user download and open such a CSV file, the embedded code may be executed in the user's environment. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Exploitability : 2.3 / Impact : 3.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://jvn.jp/en/jp/JVN45405689/
https://movabletype.org/news/2026/02/mt-906-released.html
https://www.sixapart.jp/movabletype/news/2026/02/04-1100.html

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Si se introduce un dato malformado en el producto afectado, un archivo CSV descargado del producto afectado puede contener dicho dato malformado. Cuando un usuario víctima descarga y abre dicho archivo CSV, el código incrustado puede ejecutarse en el entorno del usuario. Tenga en cuenta que las series Movable Type 7 y 8.4, que están al final de su vida útil (EOL), también se ven afectadas por la vulnerabilidad.

04 Feb 2026, 07:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-04 07:16

Updated : 2026-06-17 10:23

NVD link : CVE-2026-24447

Mitre link : CVE-2026-24447

CVE.ORG link : CVE-2026-24447

JSON object : View

Products Affected

No product.

CWE

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

{"id": "CVE-2026-24447", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-24447", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-04T15:55:19.585103Z"}}], "cvssMetricV30": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 2.3}], "cvssMetricV40": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "vultures@jpcert.or.jp", "affectedData": [{"vendor": "Six Apart Ltd.", "product": "Movable Type (Software Edition)", "versions": [{"status": "affected", "version": "9.0.4 to 9.0.5 (9.0 series)"}, {"status": "affected", "version": "8.8.0 to 8.8.1 (8.8 series)"}, {"status": "affected", "version": "8.0.2 to 8.0.8 (8.0 series)"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Advanced (Software Edition)", "versions": [{"status": "affected", "version": "9.0.4 to 9.0.5 (9.0 series)"}, {"status": "affected", "version": "8.8.0 to 8.8.1 (8.8 series)"}, {"status": "affected", "version": "8.0.2 to 8.0.8 (8.0 series)"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium (Software Edition)", "versions": [{"status": "affected", "version": "9.0.4 (MTP 9.0 series)"}, {"status": "affected", "version": "2.13 and earlier (MTP 2 series)"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium (Advanced Edition) (Software Edition)", "versions": [{"status": "affected", "version": "9.0.4 (MTP 9.0 series)"}, {"status": "affected", "version": "2.13 and earlier (MTP 2 series)"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type (Cloud Edition)", "versions": [{"status": "affected", "version": "9.0.5 (9 series)"}, {"status": "affected", "version": "8.8.1 (8 series)"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium (Cloud Edition)", "versions": [{"status": "affected", "version": "9.0.5 (9 series)"}, {"status": "affected", "version": "2.12 (MTP 2 series)"}]}]}], "published": "2026-02-04T07:16:01.560", "references": [{"url": "https://jvn.jp/en/jp/JVN45405689/", "source": "vultures@jpcert.or.jp"}, {"url": "https://movabletype.org/news/2026/02/mt-906-released.html", "source": "vultures@jpcert.or.jp"}, {"url": "https://www.sixapart.jp/movabletype/news/2026/02/04-1100.html", "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "description": [{"lang": "en", "value": "CWE-1236"}]}], "descriptions": [{"lang": "en", "value": "If a malformed data is input to the affected product, a CSV file downloaded from the affected product may contain such malformed data. When a victim user download and open such a CSV file, the embedded code may be executed in the user's environment. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well."}, {"lang": "es", "value": "Si se introduce un dato malformado en el producto afectado, un archivo CSV descargado del producto afectado puede contener dicho dato malformado. Cuando un usuario v\u00edctima descarga y abre dicho archivo CSV, el c\u00f3digo incrustado puede ejecutarse en el entorno del usuario. Tenga en cuenta que las series Movable Type 7 y 8.4, que est\u00e1n al final de su vida \u00fatil (EOL), tambi\u00e9n se ven afectadas por la vulnerabilidad."}], "lastModified": "2026-06-17T10:23:05.427", "sourceIdentifier": "vultures@jpcert.or.jp"}