CVE-2026-11879
HighCVSS 8.5Summary
MobaXterm Personal Edition (Portable) version 26.3 (Build 5154) allows arbitrary code execution by loading malicious DLLs from a predictable temporary directory that can be modified by the user. The application searches this location for specific DLLs before checking secure system paths.
Risk Assessment
An attacker with local access can place a specially crafted DLL that will be automatically executed when the application is launched, posing a serious security threat to the system.
Recommendation
It is recommended to restrict access to the temporary directory and monitor/control DLL files in this location. Users should also update MobaXterm to the latest version to minimize risk.
Original NVD description (English source)
MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorting to the system’s secure paths, enabling an attacker with local access to place a specially crafted DLL to be executed automatically when the victim launches the application.

