CVE-2026-44392
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be executed.
| Vendor | six apart ltd. |
| Product | movable type |
| Published | May 20, 2026 |
| Last Updated | May 20, 2026 |
Stay Ahead of the Next One
Get instant alerts for six apart ltd. movable type
Be the first to know when new medium vulnerabilities affecting six apart ltd. movable type are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Affected Versions
Six Apart Ltd. / Movable Type
9.1.1 and earlier
Six Apart Ltd. / Movable Type
9.0.7 and earlier
Six Apart Ltd. / Movable Type
8.8.3 and earlier
Six Apart Ltd. / Movable Type
8.0.10 and earlier
Six Apart Ltd. / Movable Type Advanced
9.1.1 and earlie
Six Apart Ltd. / Movable Type Advanced
9.0.7 and earlier
Six Apart Ltd. / Movable Type Advanced
8.8.3 and earlier
Six Apart Ltd. / Movable Type Advanced
8.0.10 and earlier
Six Apart Ltd. / Movable Type Premium
9.1.1 and earlier
Six Apart Ltd. / Movable Type Premium
9.0.7 and earlier
Six Apart Ltd. / Movable Type Premium
2.15 and earlier (included in Movable Type 8.8.4 and earlier or Movable Type 8.0.11 and earlier)
Six Apart Ltd. / Movable Type Premium (Advanced Edition)
9.1.1 and earlier
Six Apart Ltd. / Movable Type Premium (Advanced Edition)
9.0.7 and earlier
Six Apart Ltd. / Movable Type Premium (Advanced Edition)
2.15 and earlier (included in Movable Type 8.8.4 and earlier or Movable Type 8.0.11 and earlier)