Description
MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorting to the system’s secure paths, enabling an attacker with local access to place a specially crafted DLL to be executed automatically when the victim launches the application.
Published: 2026-06-12
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

During startup, the Portable edition of MobaXterm version 26.3 loads DLL files from a predictable temporary directory before consulting system paths. An attacker who can write to that directory can place a malicious DLL, which the program runs automatically when launched. This flaw grants arbitrary code execution with the privileges of the launching user, allowing the attacker to compromise confidentiality, integrity, and availability.

Affected Systems

Mobatek’s MobaXterm Personal Edition (Portable) is affected by this flaw. It applies only to version 26.3, build 5154. The fix is delivered in version 26.4, which has already been released by the vendor.

Risk and Exploitability

The CVSS score of 8.5 signals a high‑severity issue. No EPSS score is available, and the flaw is not listed in CISA’s KEV catalog, but the local attack vector and ability to execute arbitrary code make it a significant risk. If an adversary has local access, they can exploit the predictable DLL path to gain control over the system.

Generated by OpenCVE AI on June 12, 2026 at 14:51 UTC.

Remediation

Vendor Solution

The vulnerability has been fixed by the Mobatek team in version 26.4.

OpenCVE Recommended Actions

  • Upgrade MobaXterm Personal Edition to version 26.4 or newer, which removes the vulnerability.
  • Restrict write permissions on the temporary directory used for DLL loading so that only authorized users can modify it.
  • Consider configuring the application to enforce a secure search path or disable automatic DLL loading to mitigate the untrusted search path weakness.

Generated by OpenCVE AI on June 12, 2026 at 14:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Mobatek mobaxterm Personal Edition
Vendors & Products Mobatek mobaxterm Personal Edition

Fri, 12 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 12 Jun 2026 13:45:00 +0000

Type Values Removed Values Added
Description MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorting to the system’s secure paths, enabling an attacker with local access to place a specially crafted DLL to be executed automatically when the victim launches the application.
Title Arbitrary code execution in MobaXterm Personal Edition (Portable)
First Time appeared Mobatek
Mobatek mobaxterm Personal Edition Portable
Weaknesses CWE-427
CPEs cpe:2.3:a:mobatek:mobaxterm_personal_edition_portable_:26.3:*:*:*:*:*:*:*
cpe:2.3:a:mobatek:mobaxterm_personal_edition_portable_:26.4:*:*:*:*:*:*:*
Vendors & Products Mobatek
Mobatek mobaxterm Personal Edition Portable
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Mobatek Mobaxterm Personal Edition Mobaxterm Personal Edition Portable
cve-icon MITRE

Status: PUBLISHED

Assigner: INCIBE

Published:

Updated: 2026-06-12T14:00:36.218Z

Reserved: 2026-06-10T13:20:14.951Z

Link: CVE-2026-11879

cve-icon Vulnrichment

Updated: 2026-06-12T14:00:33.063Z

cve-icon NVD

Status : Deferred

Published: 2026-06-12T14:16:29.890

Modified: 2026-06-12T16:00:18.860

Link: CVE-2026-11879

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T20:20:23Z

Weaknesses
  • CWE-427

    Uncontrolled Search Path Element