CVE-2026-25776

CRITICAL

Movable Type <=9.1.0 - Code Injection

Title source: llm
STIX 2.1

Description

Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.

References (3)

Scores

CVSS v3 9.8
EPSS 0.0006
EPSS Percentile 18.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-94
Status published
Products (28)
Six Apart Ltd./Movable Type 1.0 to 1.68
Six Apart Ltd./Movable Type 5.1 to 5.18
Six Apart Ltd./Movable Type 5.2
Six Apart Ltd./Movable Type 5.2.1 to 5.2.13
Six Apart Ltd./Movable Type 6.0
Six Apart Ltd./Movable Type 6.0.1 to 6.8.8
Six Apart Ltd./Movable Type 7 r.4207 to r.5510
Six Apart Ltd./Movable Type 8.0.9 and earlier
Six Apart Ltd./Movable Type 8.4.0 to 8.4.4
Six Apart Ltd./Movable Type 8.8.2 and earlier
... and 18 more
Published Apr 08, 2026
Tracked Since Apr 08, 2026