CVE-2026-44392_CVE-2026-44392

4.3 / 10

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be executed.

Basic Information

ID CVE-2026-44392

Source jpcert

Published May 20, 2026 at 05:28

Affected Product

Vendor Six Apart Ltd.

Product Movable Type

Version 9.1.1 and earlier

Affected Versions Six Apart Ltd. Movable Type 9.1.1 and earlier
Six Apart Ltd. Movable Type 9.0.7 and earlier
Six Apart Ltd. Movable Type 8.8.3 and earlier
Six Apart Ltd. Movable Type 8.0.10 and earlier
Six Apart Ltd. Movable Type Advanced 9.1.1 and earlie
Six Apart Ltd. Movable Type Advanced 9.0.7 and earlier
Six Apart Ltd. Movable Type Advanced 8.8.3 and earlier
Six Apart Ltd. Movable Type Advanced 8.0.10 and earlier
Six Apart Ltd. Movable Type Premium 9.1.1 and earlier
Six Apart Ltd. Movable Type Premium 9.0.7 and earlier
Six Apart Ltd. Movable Type Premium 2.15 and earlier (included in Movable Type 8.8.4 and earlier or Movable Type 8.0.11 and earlier)
Six Apart Ltd. Movable Type Premium (Advanced Edition) 9.1.1 and earlier
Six Apart Ltd. Movable Type Premium (Advanced Edition) 9.0.7 and earlier
Six Apart Ltd. Movable Type Premium (Advanced Edition) 2.15 and earlier (included in Movable Type 8.8.4 and earlier or Movable Type 8.0.11 and earlier)

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be executed.",
    "published": "2026-05-20T05:28:14.892Z",
    "modified": "2026-05-20T05:28:14.892Z",
    "type": "cve",
    "title": "CVE-2026-44392",
    "source": "jpcert",
    "references": "https://movabletype.org/news/2026/05/mt-908-released.html\nhttps://www.sixapart.jp/movabletype/news/2026/05/20-1100.html\nhttps://jvn.jp/en/jp/JVN66473735/",
    "id": "CVE-2026-44392",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "Six Apart Ltd. Movable Type 9.1.1 and earlier\nSix Apart Ltd. Movable Type 9.0.7 and earlier\nSix Apart Ltd. Movable Type 8.8.3 and earlier\nSix Apart Ltd. Movable Type 8.0.10 and earlier\nSix Apart Ltd. Movable Type Advanced 9.1.1 and earlie\nSix Apart Ltd. Movable Type Advanced 9.0.7 and earlier\nSix Apart Ltd. Movable Type Advanced 8.8.3 and earlier\nSix Apart Ltd. Movable Type Advanced 8.0.10 and earlier\nSix Apart Ltd. Movable Type Premium 9.1.1 and earlier\nSix Apart Ltd. Movable Type Premium 9.0.7 and earlier\nSix Apart Ltd. Movable Type Premium 2.15 and earlier (included in Movable Type 8.8.4 and earlier or Movable Type 8.0.11 and earlier)\nSix Apart Ltd. Movable Type Premium (Advanced Edition) 9.1.1 and earlier\nSix Apart Ltd. Movable Type Premium (Advanced Edition) 9.0.7 and earlier\nSix Apart Ltd. Movable Type Premium (Advanced Edition) 2.15 and earlier (included in Movable Type 8.8.4 and earlier or Movable Type 8.0.11 and earlier)",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Movable Type",
    "version": "9.1.1 and earlier",
    "vendor": "Six Apart Ltd.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}