{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24447", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-01-29T02:02:27.800Z", "datePublished": "2026-02-04T07:04:04.422Z", "dateUpdated": "2026-02-04T15:55:26.690Z"}, "containers": {"cna": {"affected": [{"vendor": "Six Apart Ltd.", "product": "Movable Type (Software Edition)", "versions": [{"version": "9.0.4 to 9.0.5 (9.0 series)", "status": "affected"}, {"version": "8.8.0 to 8.8.1 (8.8 series)", "status": "affected"}, {"version": "8.0.2 to 8.0.8 (8.0 series)", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Advanced (Software Edition)", "versions": [{"version": "9.0.4 to 9.0.5 (9.0 series)", "status": "affected"}, {"version": "8.8.0 to 8.8.1 (8.8 series)", "status": "affected"}, {"version": "8.0.2 to 8.0.8 (8.0 series)", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium (Software Edition)", "versions": [{"version": "9.0.4 (MTP 9.0 series)", "status": "affected"}, {"version": "2.13 and earlier (MTP 2 series)", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium (Advanced Edition) (Software Edition)", "versions": [{"version": "9.0.4 (MTP 9.0 series)", "status": "affected"}, {"version": "2.13 and earlier (MTP 2 series)", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type (Cloud Edition)", "versions": [{"version": "9.0.5 (9 series)", "status": "affected"}, {"version": "8.8.1 (8 series)", "status": "affected"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium (Cloud Edition)", "versions": [{"version": "9.0.5 (9 series)", "status": "affected"}, {"version": "2.12 (MTP 2 series)", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "If a malformed data is input to the affected product, a CSV file downloaded from the affected product may contain such malformed data. When a victim user download and open such a CSV file, the embedded code may be executed in the user's environment. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well."}], "problemTypes": [{"descriptions": [{"description": "Improper neutralization of formula elements in a CSV file", "lang": "en-US", "cweId": "CWE-1236", "type": "CWE"}]}], "references": [{"url": "https://movabletype.org/news/2026/02/mt-906-released.html"}, {"url": "https://www.sixapart.jp/movabletype/news/2026/02/04-1100.html"}, {"url": "https://jvn.jp/en/jp/JVN45405689/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-02-04T07:04:04.422Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-04T15:55:19.585103Z", "id": "CVE-2026-24447", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T15:55:26.690Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24447", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-04T15:55:19.585103Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T15:55:22.739Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Six Apart Ltd.", "product": "Movable Type (Software Edition)", "versions": [{"status": "affected", "version": "9.0.4 to 9.0.5 (9.0 series)"}, {"status": "affected", "version": "8.8.0 to 8.8.1 (8.8 series)"}, {"status": "affected", "version": "8.0.2 to 8.0.8 (8.0 series)"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Advanced (Software Edition)", "versions": [{"status": "affected", "version": "9.0.4 to 9.0.5 (9.0 series)"}, {"status": "affected", "version": "8.8.0 to 8.8.1 (8.8 series)"}, {"status": "affected", "version": "8.0.2 to 8.0.8 (8.0 series)"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium (Software Edition)", "versions": [{"status": "affected", "version": "9.0.4 (MTP 9.0 series)"}, {"status": "affected", "version": "2.13 and earlier (MTP 2 series)"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium (Advanced Edition) (Software Edition)", "versions": [{"status": "affected", "version": "9.0.4 (MTP 9.0 series)"}, {"status": "affected", "version": "2.13 and earlier (MTP 2 series)"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type (Cloud Edition)", "versions": [{"status": "affected", "version": "9.0.5 (9 series)"}, {"status": "affected", "version": "8.8.1 (8 series)"}]}, {"vendor": "Six Apart Ltd.", "product": "Movable Type Premium (Cloud Edition)", "versions": [{"status": "affected", "version": "9.0.5 (9 series)"}, {"status": "affected", "version": "2.12 (MTP 2 series)"}]}], "references": [{"url": "https://movabletype.org/news/2026/02/mt-906-released.html"}, {"url": "https://www.sixapart.jp/movabletype/news/2026/02/04-1100.html"}, {"url": "https://jvn.jp/en/jp/JVN45405689/"}], "descriptions": [{"lang": "en", "value": "If a malformed data is input to the affected product, a CSV file downloaded from the affected product may contain such malformed data. When a victim user download and open such a CSV file, the embedded code may be executed in the user's environment. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-1236", "description": "Improper neutralization of formula elements in a CSV file"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-02-04T07:04:04.422Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24447", "state": "PUBLISHED", "dateUpdated": "2026-02-04T15:55:26.690Z", "dateReserved": "2026-01-29T02:02:27.800Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-02-04T07:04:04.422Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "If a malformed data is input to the affected product, a CSV file downloaded from the affected product may contain such malformed data. When a victim user download and open such a CSV file, the embedded code may be executed in the user's environment. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well."}, {"lang": "es", "value": "Si se introduce un dato malformado en el producto afectado, un archivo CSV descargado del producto afectado puede contener dicho dato malformado. Cuando un usuario v\u00edctima descarga y abre dicho archivo CSV, el c\u00f3digo incrustado puede ejecutarse en el entorno del usuario. Tenga en cuenta que las series Movable Type 7 y 8.4, que est\u00e1n al final de su vida \u00fatil (EOL), tambi\u00e9n se ven afectadas por la vulnerabilidad."}], "id": "CVE-2026-24447", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 3.7, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-02-04T07:16:01.560", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN45405689/"}, {"source": "vultures@jpcert.or.jp", "url": "https://movabletype.org/news/2026/02/mt-906-released.html"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.sixapart.jp/movabletype/news/2026/02/04-1100.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1236"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T18:32:42.156897+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch that fixes the malformed CSV export flaw", "If an upgrade is not immediately possible, disable or restrict CSV export functionality to prevent vulnerable file generation", "Enforce strict input validation and sanitization of any data that could become part of CSV exports, ensuring that embedded code cannot be executed"], "summary": {"action": "Assess Impact", "impact": "Remote Code Execution via CSV file download"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Six Apart Ltd. Movable Type Cloud Edition, Software Edition, Advanced, and Premium lines, including the 7 series and 8.4 series, which are currently End\u2011of\u2011Life. Any deployment of these editions that exports or downloads CSV reports is susceptible.", "description_and_impact": "A malformed CSV file generated by the affected Movable Type editions can trigger execution of embedded code when the victim opens the file, potentially allowing remote code execution. This weakness, identified as CWE-1236, directly compromises the confidentiality, integrity, and availability of the victim\u2019s environment.", "risk_and_exploitability": "The CVSS score of 4.8 indicates medium severity, and the EPSS of less than 1% suggests a low probability of widespread exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to supply malformed data that leads to a CSV export, followed by the victim opening that file \u2013 an indirect attack vector that relies on user interaction. Despite its low exploitation likelihood, the potential impact warrants prompt attention."}}}}, "created": "2026-02-04T21:18:27.254315+00:00", "title": "CSV Export Malformed Data Leading to Embedded Code Execution", "updated": "2026-04-18T18:45:05.745746+00:00", "vendors": ["six_apart", "six_apart$PRODUCT$movable_type", "six_apart_ltd", "six_apart_ltd$PRODUCT$movable_type"]}