EUVD-2026-17046

🗓️ 30 Mar 2026 00:31:08Reported by EUVDType

Non-administrative users can upload malicious files that run scripts in an administrator's browser on Movable Type seven and eight point four.

Reporter	Title	Published	Views	Family All 69
ATTACKERKB	CVE-2026-23704	4 Feb 202607:03	–	attackerkb
ATTACKERKB	CVE-2026-2370	29 Mar 202623:33	–	attackerkb
FreeBSD	Gitlab -- vulnerabilities	25 Mar 202600:00	–	freebsd
Chainguard	CVE-2026-2370 vulnerabilities	6 Apr 202601:17	–	cgr
Circl	CVE-2026-2370	25 Mar 202614:30	–	circl
Circl	CVE-2026-23704	8 Feb 202623:02	–	circl
CNNVD	Movable Type 代码问题漏洞	4 Feb 202600:00	–	cnnvd
CNNVD	GitLab 安全漏洞	29 Mar 202600:00	–	cnnvd
CVE	CVE-2026-2370	29 Mar 202623:33	–	cve
CVE	CVE-2026-23704	4 Feb 202607:03	–	cve

[
  {
    "enisaIdVendor": [
      {
        "id": "71e5183f-5edd-3bd2-b916-c4f57cd7d234",
        "vendor": {
          "name": "GitLab"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "405e5733-9b71-3a99-839a-c775d36540a9",
        "product": {
          "name": "GitLab"
        },
        "product_version": "18.10 <18.10.1"
      },
      {
        "id": "78c60df5-027e-38d8-bcaa-68bd3b599c75",
        "product": {
          "name": "GitLab"
        },
        "product_version": "18.9 <18.9.3"
      },
      {
        "id": "dd0f54fe-2c29-359a-bffd-e50075fc6c88",
        "product": {
          "name": "GitLab"
        },
        "product_version": "14.3 <18.8.7"
      }
    ]
  }
]

Source	Link
hackerone	www.hackerone.com/reports/3522829
gitlab	www.gitlab.com/gitlab-org/gitlab/-/work_items/589635
about	www.about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-23704
jvn	www.jvn.jp/en/jp/JVN45405689
movabletype	www.movabletype.org/news/2026/02/mt-906-released.html
sixapart	www.sixapart.jp/movabletype/news/2026/02/04-1100.html

30 Mar 2026 00:31Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.18.1 - 8.8

CVSS 45.1

CVSS 36.5

EPSS0.0002

SSVC