CVE-2026-33088

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.3 / 10

Vector String

                                        CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L                                    

Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL statement.

Published Date

April 08, 2026

Last Modified

April 08, 2026

CWE ID

CWE-89

Source

NVD

Vendor

Six Apart Ltd.

Product

Movable Type, Movable Type Advanced, Movable Type Premium, Movable Type Premium Advanced Edition, Movable Type Premium (MT8-based)