PatchSiren cyber security CVE debrief
CVE-2026-11879 Mobatek CVE debrief
CVE-2026-11879 is a HIGH-severity vulnerability in MobaXterm Personal Edition (Portable) version 26.3 (Build 5154). The vulnerability allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorting to the system’s secure paths, enabling an attacker with local access to place a specially crafted DLL to be executed automatically when the victim launches the application.
- Vendor: Mobatek
- Product: MobaXterm Personal Edition (Portable)
- CVSS: HIGH 8.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of MobaXterm Personal Edition (Portable) version 26.3 (Build 5154) should apply the necessary patches or updates to prevent arbitrary code execution.
Technical summary
The vulnerability has a CVSS score of 8.5 and is classified as HIGH severity. The CVSS vector is CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
HIGH
Recommended defensive actions
- Apply the necessary patches or updates to MobaXterm Personal Edition (Portable) version 26.3 (Build 5154) to prevent arbitrary code execution.
- Use secure coding practices and ensure that the application is configured to use secure paths for loading DLLs.
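The search-order problem described above can be audited by walking the directories in the order the loader uses and reporting any DLL whose first match is in an untrusted directory while a later, trusted directory provides the same name. This is an added example, not code from Mobatek or the advisory; the directory names, DLL names and the `find_shadowing_dlls` helper are constructed placeholders, since the page does not name the real temporary directory or the affected DLLs.

```python
import os
import tempfile
from pathlib import Path


def user_writable(directory: Path) -> bool:
    """Default trust test: can the account running the audit create files here?"""
    return os.access(directory, os.W_OK)


def find_shadowing_dlls(search_order, is_untrusted=user_writable):
    """Walk directories in loader order. Report each DLL whose first match sits in
    an untrusted directory while a later directory provides the same name."""
    first_match = {}  # lower-cased DLL name -> Path of the copy that would load
    findings = []
    for directory in map(Path, search_order):
        if not directory.is_dir():
            continue
        for entry in sorted(directory.iterdir()):
            if not entry.is_file() or entry.suffix.lower() != ".dll":
                continue
            # Windows file names are case-insensitive, so compare lower-cased.
            winner = first_match.setdefault(entry.name.lower(), entry)
            if winner.parent != directory and is_untrusted(winner.parent):
                findings.append({"dll": entry.name.lower(),
                                 "loaded_from": str(winner),
                                 "shadowed": str(entry)})
    return findings


def demo():
    """Constructed layout: placeholder directory and DLL names, not MobaXterm's."""
    with tempfile.TemporaryDirectory() as root:
        app_temp = Path(root, "app_temp")  # stands in for the predictable temp dir
        system = Path(root, "system")      # stands in for the secure system path
        app_temp.mkdir()
        system.mkdir()
        (app_temp / "example_helper.dll").write_bytes(b"constructed")
        (app_temp / "notes.txt").write_bytes(b"ignored, not a DLL")
        (system / "Example_Helper.DLL").write_bytes(b"constructed")
        (system / "other.dll").write_bytes(b"constructed")
        untrusted = lambda d: d == app_temp
        risky = find_shadowing_dlls([app_temp, system], untrusted)
        safe = find_shadowing_dlls([system, app_temp], untrusted)
        return risky, safe


if __name__ == "__main__":
    print(demo())
```

With the default `is_untrusted`, run the audit as the low-privileged account of concern so that the writability check reflects what that account can modify.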
Evidence notes
The vulnerability was reported by INCIBE and is tracked under CWE-427.
Official resources
- CVE-2026-11879 CVE record (CVE.org)
- CVE-2026-11879 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: CVE-2026-11879 was published on 2026-06-12T14:16:29.890Z and modified on 2026-06-12T16:00:18.860Z.