CVE 8.5 HIGH

Arbitrary code execution in MobaXterm Personal Edition (Portable)_CVE-2026-11879

June 12, 2026 invoker category_cve

8.5 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorting to the system’s secure paths, enabling an attacker with local access to place a specially crafted DLL to be executed automatically when the victim launches the application.

AI Analysis

Arbitrary code execution vulnerability in MobaXterm Personal Edition (Portable) due to loading of malicious DLLs from a predictable temporary directory

Basic Information

ID CVE-2026-11879

Source INCIBE

Published Jun 12, 2026 at 13:29

Affected Product

Vendor Mobatek

Product MobaXterm Personal Edition (Portable)

Version 26.3

Affected Versions Mobatek MobaXterm Personal Edition (Portable) 26.3

CWE Classification

CWE-427

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor Mobatek

Product MobaXterm Personal Edition (Portable)

Version 26.3

References

www.incibe.es /en/incibe-cert/notices/aviso/multiple-vulnerabilities-mobateks-mobaxterm-personal-edition-portable

{
    "lastseen": "",
    "description": "MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorting to the system\u2019s secure paths, enabling an attacker with local access to place a specially crafted DLL to be executed automatically when the victim launches the application.",
    "published": "2026-06-12T13:29:41.921Z",
    "modified": "2026-06-12T13:29:41.921Z",
    "type": "cve",
    "title": "Arbitrary code execution in MobaXterm Personal Edition (Portable)",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-mobateks-mobaxterm-personal-edition-portable",
    "id": "CVE-2026-11879",
    "bulletinFamily": "",
    "cwe": [
        "CWE-427"
    ],
    "cvelist": null,
    "sourceData": "Mobatek MobaXterm Personal Edition (Portable) 26.3",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MobaXterm Personal Edition (Portable)",
    "version": "26.3",
    "vendor": "Mobatek",
    "ai_description": "Arbitrary code execution vulnerability in MobaXterm Personal Edition (Portable) due to loading of malicious DLLs from a predictable temporary directory",
    "ai_severity": "High",
    "ai_vendor": "Mobatek",
    "ai_product": "MobaXterm Personal Edition (Portable)",
    "ai_version": "26.3",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply