CVE-2026-6421
Received Received - Intake
Uncontrolled Search Path Vulnerability in MobaXterm msimg32.dll

Publication date: 2026-04-17

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 26.2 is able to mitigate this issue. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-17
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-17
EPSS Evaluated
2026-06-14
NVD
CVE-2026-6421
EUVD
EUVD-2026-23374
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mobatek mobaxterm_home_edition to 26.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
CWE-426 The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Mobatek MobaXterm Home Edition up to version 26.1 and involves an unknown part of the msimg32.dll library.

The issue is an uncontrolled search path manipulation, which means the software may load malicious files from unintended locations.

An attacker must have local access to exploit this vulnerability, and the attack complexity is high, making exploitation difficult.

The vulnerability has been publicly disclosed, and an exploit may be available.

Upgrading to version 26.2 of MobaXterm Home Edition mitigates this issue.

Impact Analysis

If exploited, this vulnerability can lead to a compromise of confidentiality, integrity, and availability of the affected system.

  • Confidentiality impact: sensitive information could be exposed.
  • Integrity impact: unauthorized modification of data or system state.
  • Availability impact: disruption or denial of service to legitimate users.

However, exploitation requires local access and is considered difficult due to high attack complexity.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade Mobatek MobaXterm Home Edition to version 26.2 or later.

Since the vulnerability involves an uncontrolled search path in the msimg32.dll library and requires local access with high attack complexity, upgrading the affected component is the recommended mitigation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6421. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart