8.5
CVE-2026-11879
- EPSS 0.11%
- Published 12.06.2026 13:29:41
- Last modified 12.06.2026 16:00:18
- Source cve-coordination@incibe.es
Arbitrary code execution in MobaXterm Personal Edition (Portable)
MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorting to the system’s secure paths, enabling an attacker with local access to place a specially crafted DLL to be executed automatically when the victim launches the application.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Mobatek
Product: MobaXterm Personal Edition (Portable)
Default status: unaffected
| Version | Status |
|---|---|
| 26.3 | affected |
| 26.4 | unaffected |
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.015 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve-coordination@incibe.es | 8.5 | 0 | 0 | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CWE-427 Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-mobateks-mobaxterm-personal-edition-portable