CVE-2026-11967

Arbitrary code execution in MobaXterm Personal Edition (Portable)

CVSS 8.5 HIGHEPSS 0.1%CWE-427

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.5EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

12 jun 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an attacker with local access can place a specially crafted DLL alongside the executable to be executed when the victim launches the application.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

Mobatek · MobaXterm Personal Edition (Portable)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-mobateks-mobaxterm-personal-edition-portable