CVE-2026-23704

Summary

A non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be executed on the administrator's browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well.

Affected Software

VendorProductVersion RangeStatus
Six Apart Ltd.Movable Type (Software Edition)9.0.4 to 9.0.5 (9.0 series)affected
Six Apart Ltd.Movable Type (Software Edition)8.8.0 to 8.8.1 (8.8 series)affected
Six Apart Ltd.Movable Type (Software Edition)8.0.2 to 8.0.8 (8.0 series)affected
Six Apart Ltd.Movable Type Advanced (Software Edition)9.0.4 to 9.0.5 (9.0 series)affected
Six Apart Ltd.Movable Type Advanced (Software Edition)8.8.0 to 8.8.1 (8.8 series)affected
Six Apart Ltd.Movable Type Advanced (Software Edition)8.0.2 to 8.0.8 (8.0 series)affected
Six Apart Ltd.Movable Type Premium (Software Edition)9.0.4 (MTP 9.0 series)affected
Six Apart Ltd.Movable Type Premium (Software Edition)2.13 and earlier (MTP 2 series)affected
Six Apart Ltd.Movable Type Premium (Advanced Edition) (Software Edition)9.0.4 (MTP 9.0 series)affected
Six Apart Ltd.Movable Type Premium (Advanced Edition) (Software Edition)2.13 and earlier (MTP 2 series)affected
Six Apart Ltd.Movable Type (Cloud Edition)9.0.5 (9 series)affected
Six Apart Ltd.Movable Type (Cloud Edition)8.8.1 (8 series)affected
Six Apart Ltd.Movable Type Premium (Cloud Edition)9.0.5 (9 series)affected
Six Apart Ltd.Movable Type Premium (Cloud Edition)2.12 (MTP 2 series)affected

Weaknesses

  • CWE-434: Unrestricted upload of file with dangerous type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References