Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.
References
| Link | Resource |
|---|---|
| https://jvn.jp/en/jp/JVN66473735/ | Third Party Advisory |
| https://movabletype.org/news/2026/04/mt-907-released.html | Vendor Advisory |
| https://www.sixapart.jp/movabletype/news/2026/04/08-1100.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
20 Apr 2026, 17:21
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:* cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:* cpe:2.3:a:sixapart:movable_type:9.0.6:*:*:*:premium_advanced:*:*:* cpe:2.3:a:sixapart:movable_type:9.0.5:*:*:*:premium_advanced:*:*:* cpe:2.3:a:sixapart:movable_type:9.1.0:*:*:*:advanced:*:*:* cpe:2.3:a:sixapart:movable_type:9.1.0:*:*:*:premium_advanced:*:*:* |
|
| References | () https://jvn.jp/en/jp/JVN66473735/ - Third Party Advisory | |
| References | () https://movabletype.org/news/2026/04/mt-907-released.html - Vendor Advisory | |
| References | () https://www.sixapart.jp/movabletype/news/2026/04/08-1100.html - Vendor Advisory | |
| First Time |
Sixapart
Sixapart movable Type |
08 Apr 2026, 09:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-08 09:16
Updated : 2026-04-20 17:21
NVD link : CVE-2026-25776
Mitre link : CVE-2026-25776
CVE.ORG link : CVE-2026-25776
JSON object : View
Products Affected
sixapart
- movable_type
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')