PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11967 Mobatek CVE debrief

CVE-2026-11967 is a HIGH severity vulnerability in MobaXterm Personal Edition (Portable) 26.3 Build 5154. It allows arbitrary code execution through a malicious DLL located in the same directory as the portable executable. The application automatically loads the winspool.drv library from that location during startup, so an attacker with local access can place a specially crafted DLL alongside the executable, and it is executed when the victim launches the application.

Vendor: Mobatek
Product: MobaXterm Personal Edition (Portable)
CVSS: HIGH 8.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-12
Original CVE updated: 2026-06-12
Advisory published: 2026-06-12
Advisory updated: 2026-06-12

Who should care

Users of MobaXterm Personal Edition (Portable) 26.3 Build 5154, administrators of systems where this software is used, and security teams responsible for patching and vulnerability management.

Technical summary

The vulnerability exists because the application automatically loads the winspool.drv library from the same directory as the portable executable. An attacker with local access can exploit this by placing a specially crafted DLL alongside the executable; the DLL is executed when the victim launches the application.

Defensive priority

HIGH

Recommended defensive actions

  • Apply the vendor's official patch or update to a version that addresses this vulnerability.
  • Ensure that only trusted DLLs are loaded by the application.
  • Restrict access to the directory containing the portable executable to prevent unauthorized DLL placement.
  • Monitor for suspicious activity related to the application and its directory.
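
One way to carry out the monitoring step above, as an added example that is not from Mobatek or the original advisory: a Python sweep that flags any winspool.drv sitting next to an executable under a given root and records its SHA-256 for triage. It generalizes from the MobaXterm directory to any application directory; the function names and the file name portable_app.exe are assumptions, and the demo tree is constructed sample data.

```python
import hashlib
import os
import tempfile

# Library name taken from the advisory; Windows file names are case-insensitive.
HIJACK_NAME = "winspool.drv"


def sha256_of(path):
    """Hash a file in chunks so large DLLs are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_sideload_candidates(root):
    """Return one finding per winspool.drv that sits next to an .exe under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        exes = sorted(f for f in files if f.lower().endswith(".exe"))
        if not exes:
            continue  # no executable here, so nothing would load the library
        for name in files:
            if name.lower() == HIJACK_NAME:
                full = os.path.join(dirpath, name)
                findings.append({"library": full, "sha256": sha256_of(full),
                                 "size": os.path.getsize(full), "executables": exes})
    return findings


def demo():
    """Sweep a constructed tree (sample data, not real files)."""
    with tempfile.TemporaryDirectory() as root:
        # "portable_app.exe" is a hypothetical name; the advisory gives none.
        layout = {
            "clean": ["portable_app.exe"],
            "planted": ["portable_app.exe", "WinSpool.drv"],
            "no_exe": ["winspool.drv"],
        }
        for folder, names in layout.items():
            os.makedirs(os.path.join(root, folder))
            for name in names:
                with open(os.path.join(root, folder, name), "wb") as fh:
                    fh.write(b"constructed sample bytes")
        return [(os.path.relpath(f["library"], root), f["executables"], f["size"])
                for f in find_sideload_candidates(root)]
```

Point find_sideload_candidates at the folders where portable tools are kept rather than at the Windows system directory, where the legitimate winspool.drv normally lives next to system executables.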

Evidence notes

CVE-2026-11967 was reported by INCIBE and has a CVSS score of 8.5. It is categorized under CWE-427.

Official resources

CVE-2026-11967 was published on 2026-06-12T14:16:30.103Z and modified on 2026-06-12T16:00:18.860Z.