CVE-2026-33088
moderate-risk
Published 2026-04-08
Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL statement.
Do I need to act?
-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (6)
Affected Vendors
References (3)
Third Party Advisory
https://jvn.jp/en/jp/JVN66473735/
Vendor Advisory
https://movabletype.org/news/2026/04/mt-907-released.html
Vendor Advisory
https://www.sixapart.jp/movabletype/news/2026/04/08-1100.html
45
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
0/34 · Minimal
Exposure
13/34 · Low