CVE-2026-25776
CVE-2026-25776
9.3
CriticalPublished:
Last updated:
Source:vultures@jpcert.or.jp
Analyzed
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- None
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- High
- Availability (Vulnerable)
- High
- Confidentiality (Subsequent)
- None
- Integrity (Subsequent)
- None
- Availability (Subsequent)
- None
Description
Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.
References
vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN66473735/vultures@jpcert.or.jp
https://movabletype.org/news/2026/04/mt-907-released.htmlvultures@jpcert.or.jp
https://www.sixapart.jp/movabletype/news/2026/04/08-1100.html