CVE-2026-6421 - Vulnerability Details

- Mobatek MobaXterm Home Edition msimg32.dll uncontrolled search path

Description

A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 26.2 is able to mitigate this issue. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Published: 2026-04-17

Score: 7.3 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An uncontrolled search path vulnerability exists in the msimg32.dll component of Mobatek MobaXterm Home Edition. If an attacker can run code locally, they can influence the operating system's DLL resolution and load a malicious library in place of the legitimate one, allowing execution of arbitrary code with the rights of the MobaXterm user, potentially leading to privilege escalation or broader system compromise.

Affected Systems

Mobatek’s MobaXterm Home Edition up to version 26.1 is affected. The bundled msimg32.dll contains the flaw; installing the vendor’s fixed release, version 26.2, removes the vulnerability.

Risk and Exploitability

With a CVSS score of 7.3, the issue is considered high severity. The exploit has been publicly disclosed but requires local execution and a high complexity attack. Because EPSS data is unavailable and the vulnerability is not included in the KEV catalog, the likelihood of exploitation remains uncertain, yet the potential impact is significant. The prompt release of an updated version limits exposure for those who update quickly.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Mobatek

MobaXterm Home Edition

affected

Version	Status	Constraints
`26.0`	affected	—
`26.1`	affected	—
`26.2`	unaffected	—

No data.

Vendor Product Confidence Versions

Mobatek

Mobaxterm Home Edition

100%

Version	Status	Scheme	Platform
`26.0`	affected	generic	—
`26.1`	affected	generic	—
`26.2`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to MobaXterm Home Edition 26.2 or later, which removes the vulnerable msimg32.dll.
Download and install MobaXterm only from Mobatek’s official website to ensure the binary is untampered.
If immediate upgrade is unavailable, isolate msimg32.dll by removing its directory from the system’s DLL search path or placing the file in a protected, non-searchable location.
Monitor system logs for unusual DLL load events that may indicate exploitation attempts.

Generated by OpenCVE AI on April 17, 2026 at 07:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity High

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00005.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://download.mobatek.net/2622026032581854/MobaXterm_Installer_v26.2.zip
https://drive.google.com/file/d/17bbNDzfoD3NNPlUMkSYs8bVzVbbwddnU/view
https://mobaxterm.mobatek.net/download-home-edition.html
https://vuldb.com/submit/778851
https://vuldb.com/vuln/358020
https://vuldb.com/vuln/358020/cti

History

Fri, 17 Apr 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 17 Apr 2026 08:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mobatek Mobatek mobaxterm Home Edition
Vendors & Products		Mobatek Mobatek mobaxterm Home Edition

Fri, 17 Apr 2026 06:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 26.2 is able to mitigate this issue. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Title		Mobatek MobaXterm Home Edition msimg32.dll uncontrolled search path
Weaknesses		CWE-426 CWE-427
References		https://download.mobatek.net/2622026032581854/MobaXterm_Installer_v26.2.zip https://drive.google.com/file/d/17bbNDzfoD3NNPlUMkSYs8bVzVbbwddnU/view https://mobaxterm.mobatek.net/download-home-edition.html https://vuldb.com/submit/778851 https://vuldb.com/vuln/358020 https://vuldb.com/vuln/358020/cti
Metrics		cvssV2_0 `{'score': 6, 'vector': 'AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C'}` cvssV3_0 `{'score': 7, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}` cvssV3_1 `{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}` cvssV4_0 `{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Mobatek Mobaxterm Home Edition

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-04-17T05:45:11.921Z

Updated: 2026-04-17T18:37:21.676Z

Reserved: 2026-04-16T07:31:04.242Z

Link: CVE-2026-6421

Vulnrichment

Updated: 2026-04-17T18:37:17.954Z

NVD

Status : Received

Published: 2026-04-17T06:16:30.367

Modified: 2026-04-17T06:16:30.367

Link: CVE-2026-6421

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T08:01:11Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity High

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object