CVE-2026-44392

Published: May 20, 2026

Modified: May 20, 2026

PUBLISHED

CVSS v3.0

4.3

MEDIUM

Description

Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be executed.

Vendor	Product	Versions
Six Apart Ltd.	Movable Type	affected `9.1.1 and earlier`
Six Apart Ltd.	Movable Type	affected `9.0.7 and earlier`
Six Apart Ltd.	Movable Type	affected `8.8.3 and earlier`
Six Apart Ltd.	Movable Type	affected `8.0.10 and earlier`
Six Apart Ltd.	Movable Type Advanced	affected `9.1.1 and earlie`
Six Apart Ltd.	Movable Type Advanced	affected `9.0.7 and earlier`
Six Apart Ltd.	Movable Type Advanced	affected `8.8.3 and earlier`
Six Apart Ltd.	Movable Type Advanced	affected `8.0.10 and earlier`
Six Apart Ltd.	Movable Type Premium	affected `9.1.1 and earlier`
Six Apart Ltd.	Movable Type Premium	affected `9.0.7 and earlier`
Six Apart Ltd.	Movable Type Premium	affected `2.15 and earlier (included in Movable Type 8.8.4 and earlier or Movable Type 8.0.11 and earlier)`
Six Apart Ltd.	Movable Type Premium (Advanced Edition)	affected `9.1.1 and earlier`
Six Apart Ltd.	Movable Type Premium (Advanced Edition)	affected `9.0.7 and earlier`
Six Apart Ltd.	Movable Type Premium (Advanced Edition)	affected `2.15 and earlier (included in Movable Type 8.8.4 and earlier or Movable Type 8.0.11 and earlier)`