Multiple vulnerabilities in Mobatek’s MobaXterm Personal Edition (Portable)

Posted date 12/06/2026
Identifier
INCIBE-2026-421
Importance
4 - High
Affected Resources

MobaXterm Personal Edition (Portable) 26.3 (Build 5154).

Description

INCIBE has coordinated the publication of two high-severity vulnerabilities affecting Mobatek’s MobaXterm Personal Edition (Portable), a comprehensive network and terminal tool for Windows. The vulnerabilities were discovered by Pedro J. Nunez-Cacho Fuentes (@tunelko).

The following CVE identifiers, CVSS v4.0 base scores, CVSS vectors and CWE vulnerability types have been assigned to these vulnerabilities:

  • CVE-2026-11879: CVSS v4.0: 8.5 | CVSS AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | CWE-427
  • CVE-2026-11967: CVSS v4.0: 8.5 | CVSS AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | CWE-427
Solution

The vulnerabilities have been fixed by the Mobatek team in version 26.4.

Detail
  • CVE-2026-11879: allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorting to the system’s secure paths, enabling an attacker with local access to place a specially crafted DLL to be executed automatically when the victim launches the application.
  • CVE-2026-11967: allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an attacker with local access can place a specially crafted DLL alongside the executable to be executed when the victim launches the application.
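Both issues come down to a library with a system library's name sitting in a directory the application searches first. The following audit is an added example, not code from INCIBE or Mobatek: it lists such files in a directory you supply (the advisory does not name the temporary directory, so none is assumed), and the folder and file names in `demo()` are constructed.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

LIB_EXTS = {".dll", ".drv"}  # winspool.drv is a DLL despite its extension


def _sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def _libraries(directory):
    """Map lower-cased file name -> path for library files in a directory."""
    return {p.name.lower(): p for p in Path(directory).iterdir()
            if p.is_file() and p.suffix.lower() in LIB_EXTS}


def find_shadowing_libraries(search_dir, system_dir):
    """List libraries in search_dir that carry the name of a system library.

    Returns (file name, same_bytes_as_system_copy) tuples. Names are compared
    lower-cased because Windows file names are case-insensitive.
    """
    trusted = _libraries(system_dir)
    hits = []
    for key, path in sorted(_libraries(search_dir).items()):
        if key in trusted:
            hits.append((path.name, _sha256(path) == _sha256(trusted[key])))
    return hits


def demo():
    """Run the check on a constructed layout (not real MobaXterm files)."""
    with tempfile.TemporaryDirectory() as root:
        sysdir, appdir = Path(root, "System32"), Path(root, "PortableApp")
        sysdir.mkdir()
        appdir.mkdir()
        for name in ("winspool.drv", "kernel32.dll", "version.dll"):
            (sysdir / name).write_bytes(b"system copy of " + name.encode())
        (appdir / "app.exe").write_bytes(b"constructed")
        (appdir / "plugin_own.dll").write_bytes(b"constructed")
        (appdir / "version.dll").write_bytes(b"system copy of version.dll")
        (appdir / "WinSpool.DRV").write_bytes(b"different bytes")
        return find_shadowing_libraries(appdir, sysdir)


if __name__ == "__main__":
    # Usage: script.py <directory to audit> <system directory>; no args = demo
    result = find_shadowing_libraries(*sys.argv[1:3]) if len(sys.argv) == 3 else demo()
    for name, same in result:
        print(f"{name}: system-library name, identical to system copy: {same}")
```

A hit whose bytes differ from the system copy is the one to review first; an identical copy is still being loaded from a location outside the system directory.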
CVE
CVE identifier | Severity | Exploitation | Vendor
CVE-2026-11879 | High | No | Mobatek
CVE-2026-11967 | High | No | Mobatek