CVE-2026-33088
CRITICAL
Movable Type < 9.1.0, < 9.0.6, < 8.8.2, < 8.0.9 - SQL Injection
Title source: llm
Description
Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL statement.
Scores
CVSS v3
9.8
EPSS
0.0035
EPSS Percentile
26.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (28)
Six Apart Ltd./Movable Type
1.0 to 1.68
Six Apart Ltd./Movable Type
5.1 to 5.18
Six Apart Ltd./Movable Type
5.2
Six Apart Ltd./Movable Type
5.2.1 to 5.2.13
Six Apart Ltd./Movable Type
6.0
Six Apart Ltd./Movable Type
6.0.1 to 6.8.8
Six Apart Ltd./Movable Type
7 r.4207 to r.5510
Six Apart Ltd./Movable Type
8.0.9 and earlier
Six Apart Ltd./Movable Type
8.4.0 to 8.4.4
Six Apart Ltd./Movable Type
8.8.2 and earlier
... and 18 more
Published
Apr 08, 2026
Tracked Since
Apr 08, 2026