{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25776", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-03-26T01:06:12.957Z", "datePublished": "2026-04-08T08:52:15.469Z", "dateUpdated": "2026-04-08T13:22:04.832Z"}, "containers": {"cna": {"affected": [{"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"version": "9.1.0 and earlier", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"version": "9.0.6 and earlier", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"version": "8.8.2 and earlier", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"version": "8.0.9 and earlier", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Advanced", "versions": [{"version": "9.1.0 and earlier", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Advanced", "versions": [{"version": "9.0.6 and earlier", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Advanced", "versions": [{"version": "8.8.2 and earlier", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Advanced", "versions": [{"version": "8.0.9 and earlier", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium", "versions": [{"version": "9.1.0 and earlier", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium", "versions": [{"version": "9.0.6 and earlier", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium Advanced Edition", "versions": [{"version": "9.1.0 and earlier", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium Advanced Edition", "versions": [{"version": "9.0.6 and earlier", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium", "versions": [{"version": "2.14 and earlier", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium Advanced Edition", "versions": [{"version": "2.14 and earlier", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium (MT8-based)", "versions": [{"version": "2.14 and earlier", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"version": "5.1 to 5.18", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"version": "5.2", "status": "affected"}, {"version": "5.2.1 to 5.2.13", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"version": "6.0", "status": "affected"}, {"version": "6.0.1 to 6.8.8", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"version": "7 r.4207 to r.5510", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"version": "8.4.0 to 8.4.4", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"version": "1.0 to 1.68", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script."}], "problemTypes": [{"descriptions": [{"description": "Code injection", "lang": "en-US", "cweId": "CWE-94", "type": "CWE"}]}], "references": [{"url": "https://movabletype.org/news/2026/04/mt-907-released.html"}, {"url": "https://www.sixapart.jp/movabletype/news/2026/04/08-1100.html"}, {"url": "https://jvn.jp/en/jp/JVN66473735/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-04-08T08:52:15.469Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T13:21:57.431441Z", "id": "CVE-2026-25776", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T13:22:04.832Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25776", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-08T13:21:57.431441Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T13:22:01.041Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"status": "affected", "version": "9.1.0 and earlier"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"status": "affected", "version": "9.0.6 and earlier"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"status": "affected", "version": "8.8.2 and earlier"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"status": "affected", "version": "8.0.9 and earlier"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Advanced", "versions": [{"status": "affected", "version": "9.1.0 and earlier"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Advanced", "versions": [{"status": "affected", "version": "9.0.6 and earlier"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Advanced", "versions": [{"status": "affected", "version": "8.8.2 and earlier"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Advanced", "versions": [{"status": "affected", "version": "8.0.9 and earlier"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium", "versions": [{"status": "affected", "version": "9.1.0 and earlier"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium", "versions": [{"status": "affected", "version": "9.0.6 and earlier"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium Advanced Edition", "versions": [{"status": "affected", "version": "9.1.0 and earlier"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium Advanced Edition", "versions": [{"status": "affected", "version": "9.0.6 and earlier"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium", "versions": [{"status": "affected", "version": "2.14 and earlier"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium Advanced Edition", "versions": [{"status": "affected", "version": "2.14 and earlier"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium (MT8-based)", "versions": [{"status": "affected", "version": "2.14 and earlier"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"status": "affected", "version": "5.1 to 5.18"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"status": "affected", "version": "5.2"}, {"status": "affected", "version": "5.2.1 to 5.2.13"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"status": "affected", "version": "6.0"}, {"status": "affected", "version": "6.0.1 to 6.8.8"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"status": "affected", "version": "7 r.4207 to r.5510"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"status": "affected", "version": "8.4.0 to 8.4.4"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type", "versions": [{"status": "affected", "version": "1.0 to 1.68"}]}], "references": [{"url": "https://movabletype.org/news/2026/04/mt-907-released.html"}, {"url": "https://www.sixapart.jp/movabletype/news/2026/04/08-1100.html"}, {"url": "https://jvn.jp/en/jp/JVN66473735/"}], "descriptions": [{"lang": "en", "value": "Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-94", "description": "Code injection"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-04-08T08:52:15.469Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25776", "state": "PUBLISHED", "dateUpdated": "2026-04-08T13:22:04.832Z", "dateReserved": "2026-03-26T01:06:12.957Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-04-08T08:52:15.469Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script."}], "id": "CVE-2026-25776", "lastModified": "2026-04-08T21:26:35.910", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-04-08T09:16:20.360", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN66473735/"}, {"source": "vultures@jpcert.or.jp", "url": "https://movabletype.org/news/2026/04/mt-907-released.html"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.sixapart.jp/movabletype/news/2026/04/08-1100.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-08T11:35:46.859834+00:00", "value": {"mitigation_remediation": ["Apply the latest Movable\u00a0Type release that includes the remediation for this code injection flaw, such as the patch supplied with version\u00a0907 or newer", "Verify that the updated package has corrected the input validation around Perl execution paths", "If an update is not immediately available, isolate the affected site from external access and monitor for unauthorized code execution attempts", "Check the vendor\u2019s security advisory pages for any interim mitigation guidance"], "summary": {"action": "Patch Update", "impact": "Remote code execution via arbitrary Perl injection"}, "threat_synthesis": {"affected_systems": "All editions of Movable\u00a0Type from Six\u00a0Apart Ltd.\u2014standard, Advanced, Premium, Premium Advanced, and the MT8\u2011based Premium release\u2014are affected. No specific version numbers are enumerated; any installation lacking the latest patch may be vulnerable.", "description_and_impact": "Movable\u00a0Type contains a code injection flaw (CWE\u201194) that allows attackers to embed and run arbitrary Perl code. The vulnerability arises from insufficient validation of user\u2011supplied data in the blog entry processing component. Successful exploitation gives an attacker full control over the web server running the application, enabling data theft, modification, arbitrary code execution and potential lateral movement.", "risk_and_exploitability": "The flaw carries a CVSS score of 9.3, indicating a critical level of danger. An exploit probability score is not available, and the vulnerability is not listed in CISA\u2019s KEV catalog. The attack vector can be inferred to be remote through the web interface, requiring network access to the affected instance. Attackers would gain unrestricted control without additional privileges."}}}}, "created": "2026-04-08T19:39:58.508575+00:00", "title": "Code injection in Movable Type enables arbitrary Perl execution", "updated": "2026-04-08T19:39:58.508602+00:00", "vendors": []}