{“lastseen”:””,”description”:”Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be executed.”,”published”:”2026-05-20T05:28:14.892Z”,”modified”:”2026-05-20T05:28:14.892Z”,”type”:”cve”,”title”:”CVE-2026-44392″,”source”:”jpcert”,”references”:”https:\/\/movabletype.org\/news\/2026\/05\/mt-908-released.html\\nhttps:\/\/www.sixapart.jp\/movabletype\/news\/2026\/05\/20-1100.html\\nhttps:\/\/jvn.jp\/en\/jp\/JVN66473735\/”,”id”:”CVE-2026-44392″,”bulletinFamily”:””,”cwe”:[“CWE-862″],”cvelist”:null,”sourceData”:”Six Apart Ltd. Movable Type 9.1.1 and earlier\\nSix Apart Ltd. Movable Type 9.0.7 and earlier\\nSix Apart Ltd. Movable Type 8.8.3 and earlier\\nSix Apart Ltd. Movable Type 8.0.10 and earlier\\nSix Apart Ltd. Movable Type Advanced 9.1.1 and earlie\\nSix Apart Ltd. Movable Type Advanced 9.0.7 and earlier\\nSix Apart Ltd. Movable Type Advanced 8.8.3 and earlier\\nSix Apart Ltd. Movable Type Advanced 8.0.10 and earlier\\nSix Apart Ltd. Movable Type Premium 9.1.1 and earlier\\nSix Apart Ltd. Movable Type Premium 9.0.7 and earlier\\nSix Apart Ltd. Movable Type Premium 2.15 and earlier (included in Movable Type 8.8.4 and earlier or Movable Type 8.0.11 and earlier)\\nSix Apart Ltd. Movable Type Premium (Advanced Edition) 9.1.1 and earlier\\nSix Apart Ltd. Movable Type Premium (Advanced Edition) 9.0.7 and earlier\\nSix Apart Ltd. Movable Type Premium (Advanced Edition) 2.15 and earlier (included in Movable Type 8.8.4 and earlier or Movable Type 8.0.11 and earlier)”,”sourceHref”:””,”cvss”:{“score”:4.3,”severity”:”MEDIUM”,”vector”:”CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N”,”version”:”3.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Movable Type”,”version”:”9.1.1 and earlier”,”vendor”:”Six Apart Ltd.”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,123,12,21,13,7,11,5],"class_list":["post-55749","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-43","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n