Arbitrary code execution in MobaXterm Personal Edition (Portable)
CVE-2026-11879

8.5HIGH

Key Information:

Vendor: Mobatek
Status: Mobaxterm Personal Edition (portable)
Vendor: CVE Published:; 12 June 2026

What is CVE-2026-11879?

MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorting to the system’s secure paths, enabling an attacker with local access to place a specially crafted DLL to be executed automatically when the victim launches the application.

Affected Version(s)

MobaXterm Personal Edition (Portable) 26.3

MobaXterm Personal Edition (Portable) 26.4

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

patch

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2026
Vulnerability Reserved
Jun 10, 2026

Credit

Pedro J. Nunez-Cacho Fuentes (@tunelko)

CVE-2026-11879 Data

JSON

Mobatek

What is CVE-2026-11879?

Affected Version(s)

References

CVSS V4

Timeline

Credit