CVE-2026-6421: Uncontrolled Search Path in Mobatek MobaXterm Home Edition
CVE-2026-6421 is a high-severity vulnerability in Mobatek MobaXterm Home Edition versions up to 26.1 involving an uncontrolled search path in the msimg32.dll library. The vulnerability requires local access and has a high attack complexity, making exploitation difficult. The vendor has released version 26.2, which mitigates this issue. Users are advised to upgrade to this fixed version to address the vulnerability.
AI Analysis
Technical Summary
This vulnerability in Mobatek MobaXterm Home Edition (up to version 26.1) involves an uncontrolled search path related to the msimg32.dll library. The flaw allows local attackers with limited privileges to potentially exploit the application by manipulating the search path. The attack complexity is high, and no user interaction is required. The vendor responded promptly and released version 26.2 to fix the issue.
Potential Impact
The vulnerability could allow a local attacker to exploit the uncontrolled search path to execute unintended code or cause other impacts related to the msimg32.dll library. Due to the high complexity and local access requirement, the risk is limited to scenarios where an attacker already has local access with limited privileges. No known exploits in the wild have been reported.
Mitigation Recommendations
A fixed version (26.2) of Mobatek MobaXterm Home Edition has been released by the vendor to address this vulnerability. Users should upgrade to version 26.2 to mitigate the risk. Since this is a local vulnerability with high attack complexity, upgrading is the primary recommended action.
CVSS v4.0
Score: 7.3 (high)
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-04-16T07:31:04.242Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69e1d07582d89c981f98f522
Added to database: 4/17/2026, 6:17:25 AM
Last enriched: 4/24/2026, 4:16:25 PM
Last updated: 6/4/2026, 4:35:14 AM