CVE-2026-23704

MEDIUM5.1Remote code exec

Description

A non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be executed on the administrator's browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

Low

User Interaction

Passive

Confidentiality (Vulnerable System)

None

Integrity (Vulnerable System)

None

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

Low

Integrity (Subsequent System)

Low

Availability (Subsequent System)

Low

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Affected products

Six Apart Ltd. / Movable Type Advanced (Software Edition)8.0.2 to 8.0.8 (8.0 series) – 8.0.2 to 8.0.8 (8.0 series)
Six Apart Ltd. / Movable Type Advanced (Software Edition)9.0.4 to 9.0.5 (9.0 series) – 9.0.4 to 9.0.5 (9.0 series)
Six Apart Ltd. / Movable Type Advanced (Software Edition)8.8.0 to 8.8.1 (8.8 series) – 8.8.0 to 8.8.1 (8.8 series)
Six Apart Ltd. / Movable Type (Cloud Edition)9.0.5 (9 series) – 9.0.5 (9 series)
Six Apart Ltd. / Movable Type (Cloud Edition)8.8.1 (8 series) – 8.8.1 (8 series)
Six Apart Ltd. / Movable Type Premium (Advanced Edition) (Software Edition)9.0.4 (MTP 9.0 series) – 9.0.4 (MTP 9.0 series)
Six Apart Ltd. / Movable Type Premium (Advanced Edition) (Software Edition)2.13 and earlier (MTP 2 series) – 2.13 and earlier (MTP 2 series)
Six Apart Ltd. / Movable Type Premium (Cloud Edition)9.0.5 (9 series) – 9.0.5 (9 series)
Six Apart Ltd. / Movable Type Premium (Cloud Edition)2.12 (MTP 2 series) – 2.12 (MTP 2 series)
Six Apart Ltd. / Movable Type Premium (Software Edition)2.13 and earlier (MTP 2 series) – 2.13 and earlier (MTP 2 series)
Six Apart Ltd. / Movable Type Premium (Software Edition)9.0.4 (MTP 9.0 series) – 9.0.4 (MTP 9.0 series)
Six Apart Ltd. / Movable Type (Software Edition)9.0.4 to 9.0.5 (9.0 series) – 9.0.4 to 9.0.5 (9.0 series)
Six Apart Ltd. / Movable Type (Software Edition)8.0.2 to 8.0.8 (8.0 series) – 8.0.2 to 8.0.8 (8.0 series)
Six Apart Ltd. / Movable Type (Software Edition)8.8.0 to 8.8.1 (8.8 series) – 8.8.0 to 8.8.1 (8.8 series)

CVE-2026-23704

Description

CVSS breakdown

Affected products

References