Arbitrary code execution in MobaXterm Personal Edition (Portable)
CVE-2026-11967

8.5HIGH

Key Information:

Vendor: Mobatek
Status: Mobaxterm Personal Edition (portable)
Vendor: CVE Published:; 12 June 2026

What is CVE-2026-11967?

MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an attacker with local access can place a specially crafted DLL alongside the executable to be executed when the victim launches the application.

Affected Version(s)

MobaXterm Personal Edition (Portable) 26.3

MobaXterm Personal Edition (Portable) 26.4

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

patch

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2026
Vulnerability Reserved
Jun 11, 2026

Credit

Pedro J. Nunez-Cacho Fuentes (@tunelko)

CVE-2026-11967 Data

JSON

Mobatek

What is CVE-2026-11967?

Affected Version(s)

References

CVSS V4

Timeline

Credit