
MobaXterm CVE-2026-25866

HIGH
Unquoted Search Path or Element (CWE-428)
2026-03-09 disclosure@vulncheck.com
8.5
CVSS 4.0

CVSS Vector (NVD)

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Updated: May 06, 2026 - 14:43 (vuln.today), v2 (cvss_changed)
Re-analysis Queued: May 06, 2026 - 14:37 (vuln.today), cvss_changed
CVSS changed: May 06, 2026 - 14:37 (NVD), 7.8 (HIGH) → 8.5 (HIGH)
Analysis Generated: Mar 12, 2026 - 21:56 (vuln.today)
CVE Published: Mar 09, 2026 - 16:16 (nvd), HIGH 7.8

Description (NVD)

MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable earlier in the search order, resulting in arbitrary code execution in the context of the affected user.
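
A defender-side triage of process-creation telemetry for the launch described above, as an added example that is not from the advisory or from MobaXterm. It flags a Notepad++ child of MobaXterm that resolved outside the expected install directory, and separately flags launches whose command line carries no directory at all. The executable names, trusted directories and sample records are assumptions constructed for illustration.

```python
import ntpath

# Assumed names and paths (not taken from the advisory); adjust per site.
PARENT_PREFIX = "mobaxterm"      # parent image basename prefix
CHILD_NAME = "notepad++.exe"     # editor binary basename
TRUSTED_DIRS = {r"c:\program files\notepad++",
                r"c:\program files (x86)\notepad++"}

def first_token(cmdline):
    """Program part of a command line, honouring one pair of double quotes."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:].split('"', 1)[0]
    return cmdline.split(None, 1)[0] if cmdline else ""

def classify(event):
    """Return None, 'unexpected_path' or 'unqualified_launch' for one event."""
    parent = ntpath.basename(event["ParentImage"]).lower()
    child = ntpath.basename(event["Image"]).lower()
    if not parent.startswith(PARENT_PREFIX) or child != CHILD_NAME:
        return None                  # not the launch this advisory is about
    image_dir = ntpath.normpath(ntpath.dirname(event["Image"])).lower()
    if image_dir not in TRUSTED_DIRS:
        return "unexpected_path"     # search order resolved somewhere else
    if not ntpath.dirname(first_token(event["CommandLine"])):
        return "unqualified_launch"  # legit binary, but found via search path
    return None

def triage(events):
    """(verdict, Image) for every event that needs a look."""
    return [(v, e["Image"]) for e in events if (v := classify(e))]

# Constructed sample records using Sysmon Event ID 1 field names.
MOBA = r"C:\Program Files (x86)\Mobatek\MobaXterm\MobaXterm.exe"
NPP = r"C:\Program Files\Notepad++\notepad++.exe"
SAMPLE_EVENTS = [
    {"ParentImage": MOBA, "Image": NPP, "CommandLine": f'"{NPP}" remote.cfg'},
    {"ParentImage": MOBA, "Image": r"C:\Users\alice\Downloads\notepad++.exe",
     "CommandLine": "notepad++ remote.cfg"},
    {"ParentImage": MOBA, "Image": NPP, "CommandLine": "notepad++ remote.cfg"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": NPP,
     "CommandLine": f'"{NPP}"'},
]

if __name__ == "__main__":
    for verdict, image in triage(SAMPLE_EVENTS):
        print(f"{verdict:20} {image}")
```

An `unqualified_launch` hit means the correct binary ran but was still located through the search order, which is a useful marker for hosts that have not yet been upgraded to 26.1.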

Analysis (AI)

Local privilege escalation in MobaXterm before 26.1 allows authenticated users with file system write access to execute arbitrary code by hijacking the executable search path used for the Notepad++ launch. When opening remote files, MobaXterm calls WinExec without a fully qualified path, enabling attackers to place malicious executables in the search path to achieve code execution in the victim user's context. …


Remediation (AI)

Within 24 hours: Identify all MobaXterm installations and current versions via asset inventory or endpoint detection tools. Within 7 days: Upgrade all MobaXterm instances to version 26.1 or later; if unavailable, restrict file system write permissions for non-administrative users on systems running MobaXterm. …

