CVE 8.5 HIGH

Arbitrary code execution in MobaXterm Personal Edition (Portable)_CVE-2026-11967

June 12, 2026 invoker category_cve

8.5 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an attacker with local access can place a specially crafted DLL alongside the executable to be executed when the victim launches the application.

AI Analysis

Arbitrary code execution vulnerability in MobaXterm Personal Edition (Portable) due to loading of malicious DLL

Basic Information

ID CVE-2026-11967

Source INCIBE

Published Jun 12, 2026 at 13:30

Modified Jun 12, 2026 at 14:01

Affected Product

Vendor Mobatek

Product MobaXterm Personal Edition (Portable)

Version 26.3

Affected Versions Mobatek MobaXterm Personal Edition (Portable) 26.3

CWE Classification

CWE-427

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor Mobatek

Product MobaXterm Personal Edition (Portable)

Version 26.3

References

www.incibe.es /en/incibe-cert/notices/aviso/multiple-vulnerabilities-mobateks-mobaxterm-personal-edition-portable

{
    "lastseen": "",
    "description": "MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an attacker with local access can place a specially crafted DLL alongside the executable to be executed when the victim launches the application.",
    "published": "2026-06-12T13:30:10.610Z",
    "modified": "2026-06-12T14:01:05.844Z",
    "type": "cve",
    "title": "Arbitrary code execution in MobaXterm Personal Edition (Portable)",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-mobateks-mobaxterm-personal-edition-portable",
    "id": "CVE-2026-11967",
    "bulletinFamily": "",
    "cwe": [
        "CWE-427"
    ],
    "cvelist": null,
    "sourceData": "Mobatek MobaXterm Personal Edition (Portable) 26.3",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MobaXterm Personal Edition (Portable)",
    "version": "26.3",
    "vendor": "Mobatek",
    "ai_description": "Arbitrary code execution vulnerability in MobaXterm Personal Edition (Portable) due to loading of malicious DLL",
    "ai_severity": "High",
    "ai_vendor": "Mobatek",
    "ai_product": "MobaXterm Personal Edition (Portable)",
    "ai_version": "26.3",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply