Critical severity9.8NVD Advisory· Published Apr 8, 2026· Updated Apr 20, 2026
CVE-2026-33088
CVE-2026-33088
Description
Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL statement.
Affected products
6cpe:2.3:a:sixapart:movable_type:9.0.5:*:*:*:premium_advanced:*:*:*+ 5 more
- cpe:2.3:a:sixapart:movable_type:9.0.5:*:*:*:premium_advanced:*:*:*
- cpe:2.3:a:sixapart:movable_type:9.0.6:*:*:*:premium_advanced:*:*:*
- cpe:2.3:a:sixapart:movable_type:9.1.0:*:*:*:advanced:*:*:*
- cpe:2.3:a:sixapart:movable_type:9.1.0:*:*:*:premium_advanced:*:*:*
- cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*range: >=8.0.2,<8.0.10
- cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*range: <=2.14
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- jvn.jp/en/jp/JVN66473735/nvdThird Party Advisory
- movabletype.org/news/2026/04/mt-907-released.htmlnvdVendor Advisory
- www.sixapart.jp/movabletype/news/2026/04/08-1100.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.