Uncontrolled Search Path Vulnerability in MobaXterm Home Edition by Mobatek
CVE-2026-6421

7.3 HIGH

Key Information:

Vendor: Mobatek
CVE Published: 17 April 2026

What is CVE-2026-6421?

A vulnerability exists in Mobatek MobaXterm Home Edition, specifically in the msimg32.dll library, which allows for an uncontrolled search path. This could enable an attacker to exploit the software locally. The attack complexity is high, making the vulnerability difficult to exploit. A patch has been released to address this issue, and users are strongly advised to upgrade to version 26.2 to mitigate the risk. The vendor responded proactively to the report and provided a timely resolution.

Affected Version(s)

MobaXterm Home Edition 26.0

MobaXterm Home Edition 26.1

MobaXterm Home Edition 26.2

CVSS V4

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

haehanse (VulDB User)
VulDB CNA Team