Uncontrolled Search Path Element Vulnerability in MobaXterm by Mobatek
CVE-2026-25866

8.5 HIGH

Key Information:

Vendor: Mobatek

Status
Vendor
CVE Published: 9 March 2026

What is CVE-2026-25866?

MobaXterm prior to version 26.1 contains an uncontrolled search path element vulnerability. When opening remote files, the application calls WinExec to launch Notepad++ without specifying a fully qualified executable path. An attacker can exploit the resulting search path behavior by placing a malicious executable earlier in the search order, which results in arbitrary code execution in the context of the affected user.
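The class of fix for this weakness, as an added example that is not MobaXterm's code or the vendor's patch: the editor is started only from a validated, fully qualified path passed as the application name, so no search-path lookup takes place. The function names, buffer size and the call shape shown in the comment are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Accept only a drive-absolute path ending in .exe, e.g. C:\dir\app.exe.
 * Bare names, relative paths, drive-relative paths (C:app.exe) and UNC paths
 * are rejected; rejecting UNC is a policy choice of this example. */
int is_fully_qualified_exe(const char *p)
{
    static const char ext[] = ".exe";
    size_t n = p ? strlen(p) : 0;
    if (n < 8) return 0;                          /* shortest form: C:\a.exe */
    if (!isalpha((unsigned char)p[0]) || p[1] != ':' || p[2] != '\\') return 0;
    for (size_t i = 0; i < 4; i++)
        if (tolower((unsigned char)p[n - 4 + i]) != ext[i]) return 0;
    return 1;
}

/* Build "exe" "file" with both parts quoted. Fails on an unqualified exe,
 * a file name containing a double quote, or a result that does not fit. */
int build_command_line(char *out, size_t cap, const char *exe, const char *file)
{
    if (!is_fully_qualified_exe(exe) || !file || strchr(file, '"')) return -1;
    int n = snprintf(out, cap, "\"%s\" \"%s\"", exe, file);
    return (n > 0 && (size_t)n < cap) ? 0 : -1;
}

#ifdef _WIN32
/* Pattern described in the advisory (hypothetical call shape):
 *   WinExec("notepad++.exe <file>", SW_SHOW);  -- name resolved via search path
 * Hardened form: the full path is given as lpApplicationName. */
int launch_editor(const char *exe, const char *file)
{
    char cmd[1024];
    STARTUPINFOA si = { sizeof si };
    PROCESS_INFORMATION pi;
    if (build_command_line(cmd, sizeof cmd, exe, file) != 0) return -1;
    if (!CreateProcessA(exe, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
        return -1;
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return 0;
}
#endif
```

The Windows-only `launch_editor` is compiled only when `_WIN32` is defined; the two validation helpers are portable C.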

Affected Version(s)

MobaXterm 0 < 26.1

CVSS V4

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Spektion Research Team
VulnCheck