8.5
CVE-2026-11967
- EPSS 0.11%
- Published 12.06.2026 13:30:10
- Last modified 12.06.2026 16:00:18
- Source cve-coordination@incibe.es
Arbitrary code execution in MobaXterm Personal Edition (Portable)
MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an attacker with local access can place a specially crafted DLL alongside the executable to be executed when the victim launches the application.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Mobatek
Product: MobaXterm Personal Edition (Portable)
Default status: unaffected

| Version | Status |
|---|---|
| 26.3 | affected |
| 26.4 | unaffected |
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.015 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve-coordination@incibe.es | 8.5 | 0 | 0 | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CWE-427 Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-mobateks-mobaxterm-personal-edition-portable