Description
MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an attacker with local access can place a specially crafted DLL alongside the executable to be executed when the victim launches the application.
Published: 2026-06-12
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to execute arbitrary code by exploiting the way MobaXterm Personal Edition (Portable) version 26.3 (Build 5154) loads the winspool.drv library during startup from the directory that contains the portable executable. If a malicious DLL with that name is placed in that directory, the application loads it and runs its code as the user who launches the program. The flaw is a classic example of CWE‑427 (Uncontrolled Search Path Element), where a program loads libraries from an untrusted or uncontrolled path. A local attacker gains the ability to run code with the same privileges as the victim, potentially leading to complete compromise of the local system.

Affected Systems

Affected vendors: Mobatek. Product: MobaXterm Personal Edition (Portable). Versions: 26.3 (Build 5154). The vulnerability has been addressed in version 26.4 and later.

Risk and Exploitability

The CVSS score of 8.5 classifies this issue as high severity. No EPSS score is available for this CVE, and it is not listed in the CISA KEV catalog, indicating that no widespread exploitation has been reported yet. The attack vector is local: the attacker needs file‑system access to place a malicious DLL in the application directory. Once the DLL is loaded, the attacker's code runs with the same privileges as the user launching the program and can perform any action permitted to that user.

Generated by OpenCVE AI on June 12, 2026 at 15:28 UTC.

Remediation

Vendor Solution

The vulnerability has been fixed by the Mobatek team in version 26.4.


OpenCVE Recommended Actions

  • Upgrade MobaXterm Personal Edition Portable to version 26.4 or later to eliminate the flaw.
  • If an upgrade is not immediately possible, run the portable executable from a directory that contains no user‑supplied DLLs, or that has been verified to contain only trusted DLLs.
  • Limit local user permissions or run the application inside a sandboxed environment to reduce the impact of any potential code execution.
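
A defensive check for the second recommended action, added here as an example and not part of the OpenCVE record or Mobatek's code: it walks a folder tree and reports every directory where a winspool.drv sits beside a MobaXterm executable. The `mobaxterm` file-name substring and the function names are assumptions; the record does not give the executable's file name.

```python
import hashlib
import os
import sys
from pathlib import Path

DLL_NAME = "winspool.drv"   # library named in the advisory
EXE_HINT = "mobaxterm"      # assumption: substring of the portable executable's file name


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def system_copy_hash():
    """SHA-256 of the genuine System32 copy, or None when it is not present."""
    root = os.environ.get("SystemRoot")
    genuine = Path(root) / "System32" / DLL_NAME if root else None
    return sha256_of(genuine) if genuine and genuine.is_file() else None


def find_sideload_candidates(search_root, exe_hint=EXE_HINT):
    """Report each directory holding a matching .exe together with a winspool.drv."""
    reference = system_copy_hash()
    findings = []
    for dirpath, _dirs, files in os.walk(search_root):
        by_lower = {name.lower(): name for name in files}  # Windows names are case-insensitive
        exes = sorted(n for n in files
                      if n.lower().endswith(".exe") and exe_hint in n.lower())
        if not exes or DLL_NAME not in by_lower:
            continue
        dll = Path(dirpath) / by_lower[DLL_NAME]
        digest = sha256_of(dll)
        findings.append({
            "directory": dirpath,
            "executables": exes,
            "dll": str(dll),
            "sha256": digest,
            # None means no System32 reference copy was available to compare against
            "matches_system_copy": None if reference is None else digest == reference,
        })
    return findings


if __name__ == "__main__":
    for hit in find_sideload_candidates(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

The genuine winspool.drv normally lives in the Windows system directory, so any hit deserves review even when its hash matches the System32 copy.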



Advisories

No advisories yet.

History

Fri, 12 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Mobatek mobaxterm Personal Edition
Vendors & Products | | Mobatek mobaxterm Personal Edition

Fri, 12 Jun 2026 14:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 12 Jun 2026 13:45:00 +0000

Type | Values Removed | Values Added
Description | | MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an attacker with local access can place a specially crafted DLL alongside the executable to be executed when the victim launches the application.
Title | | Arbitrary code execution in MobaXterm Personal Edition (Portable)
First Time appeared | | Mobatek; Mobatek mobaxterm Personal Edition Portable
Weaknesses | | CWE-427
CPEs | | cpe:2.3:a:mobatek:mobaxterm_personal_edition_portable_:26.3:*:*:*:*:*:*:*; cpe:2.3:a:mobatek:mobaxterm_personal_edition_portable_:26.4:*:*:*:*:*:*:*
Vendors & Products | | Mobatek; Mobatek mobaxterm Personal Edition Portable
References | |
Metrics | | cvssV4_0 {'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: INCIBE

Published:

Updated: 2026-06-12T14:01:05.844Z

Reserved: 2026-06-11T09:40:52.971Z

Link: CVE-2026-11967

Vulnrichment

Updated: 2026-06-12T14:00:59.400Z

NVD

Status: Deferred

Published: 2026-06-12T14:16:30.103

Modified: 2026-06-12T16:00:18.860

Link: CVE-2026-11967

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-12T20:20:21Z

Weaknesses
  • CWE-427: Uncontrolled Search Path Element