QwikSec

Security Database

CVE

CWE

Training

CVE-2026-6421

Published: Apr 17, 2026

Modified: Apr 17, 2026

PUBLISHED

CVSS v3.1

7.0

HIGH

Description

A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 26.2 is able to mitigate this issue. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Vendor	Product	Versions
Mobatek	MobaXterm Home Edition	affected `26.0` affected `26.1` unaffected `26.2`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

VDB-358020 | Mobatek MobaXterm Home Edition msimg32.dll uncontrolled search path

vdb-entry

VDB-358020 | CTI Indicators (IOB, IOC, TTP, IOA)

signature

permissions-required

Submit #778851 | Mobatek MobaXterm 26.1.0.5456 Uncontrolled Search Path -- DLL hijacking with msimg32.dll

third-party-advisory

https://drive.google.com/file/d/17bbNDzfoD3NNPlUMkSYs8bVzVbbwddnU/view

exploit

https://mobaxterm.mobatek.net/download-home-edition.html

related

https://download.mobatek.net/2622026032581854/MobaXterm_Installer_v26.2.zip

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.