Skip to main content

Mobaxterm Home Edition CVE-2026-6421

| EUVD-2026-23374 MEDIUM
Uncontrolled Search Path Element (CWE-427)
2026-04-17 VulDB GHSA-hf75-j846-hmxr
Information Disclosure Mobaxterm Home Edition
6.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.4 MEDIUM
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

10
Severity Changed
Apr 29, 2026 - 01:12 NVD
HIGH MEDIUM
CVSS changed
Apr 29, 2026 - 01:12 NVD
7.3 (HIGH) 6.4 (MEDIUM)
PoC Detected
Apr 29, 2026 - 01:00 vuln.today
Public exploit code
Re-analysis Queued
Apr 22, 2026 - 20:37 vuln.today
cvss_changed
Analysis Generated
Apr 17, 2026 - 06:27 vuln.today
CVSS changed
Apr 17, 2026 - 06:22 NVD
7.0 (HIGH) 7.3 (HIGH)
EUVD ID Assigned
Apr 17, 2026 - 06:15 euvd
EUVD-2026-23374
Analysis Generated
Apr 17, 2026 - 06:15 vuln.today
Patch released
Apr 17, 2026 - 06:15 nvd
Patch available
CVE Published
Apr 17, 2026 - 05:45 nvd
MEDIUM 6.4

DescriptionCVE.org

A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 26.2 is able to mitigate this issue. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

AnalysisAI

DLL hijacking in MobaXterm Home Edition ≤26.1 allows local attackers with low privileges to execute arbitrary code by planting a malicious msimg32.dll in an uncontrolled search path location. Exploitation is complex (CVSS AC:H) but a public POC exists. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local user access
Delivery
Write malicious msimg32.dll to search path directory
Exploit
Wait for victim to launch MobaXterm
Execution
Application loads attacker DLL
Persist
Execute arbitrary code with user privileges
Impact
Steal credentials or establish persistence
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Requires local access to the target system where MobaXterm Home Edition ≤26.1 is installed. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is moderate despite the 7.3 CVSS score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with local user access to a workstation running MobaXterm 26.1 or earlier places a crafted malicious msimg32.dll in the MobaXterm application directory or current working directory. When the victim launches MobaXterm, the application loads the attacker's DLL instead of the legitimate Windows system library, executing arbitrary code with the victim's user privileges. …
Remediation Upgrade to MobaXterm Home Edition version 26.2 or later, available from Mobatek at https://mobaxterm.mobatek.net/download-home-edition.html (direct installer: https://download.mobatek.net/2622026032581854/MobaXterm_Installer_v26.2.zip). … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all systems running MobaXterm Home Edition version 26.1 or earlier using inventory or endpoint detection tools. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-6421 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy