Description
MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable earlier in the search order, resulting in arbitrary code execution in the context of the affected user.
References (2)
Core 2
Core References
Various Sources release-notes
patch
https://mobaxterm.mobatek.net/download-home-edition.html
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/mobaxterm-notepad-unquoted-service-path
Scores
CVSS v3
7.8
EPSS
0.0013
EPSS Percentile
3.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-428
Status
published
Products (2)
Mobatek/MobaXterm
< 26.1
mobatek/mobaxterm
< 26.1
Published
Mar 09, 2026
Tracked Since
Mar 09, 2026