LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-25776

CVE-2026-25776 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 8, 2026

Six Apart Ltd. Movable Type - Command Injection

Published: April 8, 2026Updated: April 8, 2026Remote Exploitable

Overview

Six Apart Ltd. Movable Type contains a code injection vulnerability caused by improper input handling, letting attackers execute arbitrary Perl scripts remotely, exploit requires crafted input.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 4.9%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary Perl scripts, potentially leading to full system compromise.

Mitigation

Update to the latest version of Movable Type.

References

Social Media Activity(1 post)

TheHackerWire
TheHackerWire
@thehackerwire
Apr 9, 2026

šŸ”“ CVE-2026-25776 - Critical (9.8) Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-25776/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-25776
Severity
Critical
CVSS Score
9.8
Type
command_injection
Status
unconfirmed
EPSS
4.9%
Social Posts
1

CWE

  • CWE-94

CVSS Metrics

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.9%Probability of exploitation in the next 30 days