Skip to main content

Mobaxterm Personal Edition Portable

2 CVEs product

Monthly

CVE-2026-11967 HIGH PATCH This Week

Arbitrary code execution in MobaXterm Personal Edition (Portable) version 26.3 Build 5154 occurs because the application loads winspool.drv from its working directory at startup, enabling classic DLL search-order hijacking. A local attacker who can write to the directory containing the portable executable can drop a malicious winspool.drv that executes in the victim's user context the next time MobaXterm is launched. No public exploit identified at time of analysis, and EPSS data was not provided, but the trivial nature of DLL planting makes weaponization straightforward.

RCE Mobaxterm Personal Edition Portable
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-11879 HIGH PATCH This Week

Arbitrary code execution in MobaXterm Personal Edition (Portable) 26.3 Build 5154 occurs because the application loads DLLs from a predictable, user-writable temporary directory before falling back to secure system paths. A local attacker who can drop a crafted DLL into that path achieves code execution under the victim's account when MobaXterm is next launched. No public exploit identified at time of analysis, and the issue is not on CISA KEV.

RCE Mobaxterm Personal Edition Portable
NVD
CVSS 4.0
8.5
EPSS
0.0%
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Arbitrary code execution in MobaXterm Personal Edition (Portable) version 26.3 Build 5154 occurs because the application loads winspool.drv from its working directory at startup, enabling classic DLL search-order hijacking. A local attacker who can write to the directory containing the portable executable can drop a malicious winspool.drv that executes in the victim's user context the next time MobaXterm is launched. No public exploit identified at time of analysis, and EPSS data was not provided, but the trivial nature of DLL planting makes weaponization straightforward.

RCE Mobaxterm Personal Edition Portable
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Arbitrary code execution in MobaXterm Personal Edition (Portable) 26.3 Build 5154 occurs because the application loads DLLs from a predictable, user-writable temporary directory before falling back to secure system paths. A local attacker who can drop a crafted DLL into that path achieves code execution under the victim's account when MobaXterm is next launched. No public exploit identified at time of analysis, and the issue is not on CISA KEV.

RCE Mobaxterm Personal Edition Portable
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy