CVE-2026-25776

Summary

Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.

Affected Software

VendorProductVersion RangeStatus
Six Apart Ltd.Movable Type9.1.0 and earlieraffected
Six Apart Ltd.Movable Type9.0.6 and earlieraffected
Six Apart Ltd.Movable Type8.8.2 and earlieraffected
Six Apart Ltd.Movable Type8.0.9 and earlieraffected
Six Apart Ltd.Movable Type Advanced9.1.0 and earlieraffected
Six Apart Ltd.Movable Type Advanced9.0.6 and earlieraffected
Six Apart Ltd.Movable Type Advanced8.8.2 and earlieraffected
Six Apart Ltd.Movable Type Advanced8.0.9 and earlieraffected
Six Apart Ltd.Movable Type Premium9.1.0 and earlieraffected
Six Apart Ltd.Movable Type Premium9.0.6 and earlieraffected
Six Apart Ltd.Movable Type Premium Advanced Edition9.1.0 and earlieraffected
Six Apart Ltd.Movable Type Premium Advanced Edition9.0.6 and earlieraffected
Six Apart Ltd.Movable Type Premium2.14 and earlieraffected
Six Apart Ltd.Movable Type Premium Advanced Edition2.14 and earlieraffected
Six Apart Ltd.Movable Type Premium (MT8-based)2.14 and earlieraffected
Six Apart Ltd.Movable Type5.1 to 5.18affected
Six Apart Ltd.Movable Type5.2affected
Six Apart Ltd.Movable Type5.2.1 to 5.2.13affected
Six Apart Ltd.Movable Type6.0affected
Six Apart Ltd.Movable Type6.0.1 to 6.8.8affected
Six Apart Ltd.Movable Type7 r.4207 to r.5510affected
Six Apart Ltd.Movable Type8.4.0 to 8.4.4affected
Six Apart Ltd.Movable Type1.0 to 1.68affected

Weaknesses

  • CWE-94: Code injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References