Which versions of Mobaxterm Home Edition are affected by EUVD-2026-23374?

MobaXterm Home Edition versions 26.1 and earlier contain a DLL hijacking vulnerability that allows local users with low privileges to execute arbitrary code on affected systems.. A patch is available.

Is there a public PoC exploit available for EUVD-2026-23374?

Yes, a public proof-of-concept exploit is available for EUVD-2026-23374. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2026-23374?

Within 24 hours: Identify all systems running MobaXterm Home Edition version 26.1 or earlier using inventory or endpoint detection tools. Within 7 days: Deploy MobaXterm Home Edition version 26.2 or later to all affected systems through standard patch management procedures; prioritize systems with shared or multi-user access. Within 30 days: Verify successful deployment across the environment and confirm no systems remain on vulnerable versions.

Mobaxterm Home Edition EUVD-2026-23374

Q: What is the CVSS score of EUVD-2026-23374?

EUVD-2026-23374 has a CVSS 4.0 base score of 6.4 (Medium). CVSS vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-6421 MEDIUM

Uncontrolled Search Path Element (CWE-427)

2026-04-17 VulDB

GHSA-hf75-j846-hmxr

Information Disclosure Mobaxterm Home Edition

6.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

6.4 MEDIUM

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:12 NVD

HIGH MEDIUM

CVSS changed

Apr 29, 2026 - 01:12 NVD

7.3 (HIGH) 6.4 (MEDIUM)

PoC Detected

Apr 29, 2026 - 01:00 vuln.today

Public exploit code

Re-analysis Queued

Apr 22, 2026 - 20:37 vuln.today

cvss_changed

Analysis Generated

Apr 17, 2026 - 06:27 vuln.today

CVSS changed

Apr 17, 2026 - 06:22 NVD

7.0 (HIGH) 7.3 (HIGH)

EUVD ID Assigned

Apr 17, 2026 - 06:15 euvd

EUVD-2026-23374

Analysis Generated

Apr 17, 2026 - 06:15 vuln.today

Patch released

Apr 17, 2026 - 06:15 nvd

Patch available

CVE Published

Apr 17, 2026 - 05:45 nvd

MEDIUM 6.4

DescriptionCVE.org

A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 26.2 is able to mitigate this issue. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

AnalysisAI

DLL hijacking in MobaXterm Home Edition ≤26.1 allows local attackers with low privileges to execute arbitrary code by planting a malicious msimg32.dll in an uncontrolled search path location. Exploitation is complex (CVSS AC:H) but a public POC exists. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Obtain local user access

Delivery

Write malicious msimg32.dll to search path directory

Exploit

Wait for victim to launch MobaXterm

Execution

Application loads attacker DLL

Persist

Execute arbitrary code with user privileges

Impact

Steal credentials or establish persistence