{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6421", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-16T07:31:04.242Z", "datePublished": "2026-04-17T05:45:11.921Z", "dateUpdated": "2026-04-17T05:45:11.921Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-17T05:45:11.921Z"}, "title": "Mobatek MobaXterm Home Edition msimg32.dll uncontrolled search path", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-427", "lang": "en", "description": "Uncontrolled Search Path"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-426", "lang": "en", "description": "Untrusted Search Path"}]}], "affected": [{"vendor": "Mobatek", "product": "MobaXterm Home Edition", "versions": [{"version": "26.0", "status": "affected"}, {"version": "26.1", "status": "affected"}, {"version": "26.2", "status": "unaffected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 26.2 is able to mitigate this issue. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.3, "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6, "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-04-03T00:00:00.000Z", "lang": "en", "value": "Countermeasure disclosed"}, {"time": "2026-04-17T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-17T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-17T07:35:49.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "haehanse (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/358020", "name": "VDB-358020 | Mobatek MobaXterm Home Edition msimg32.dll uncontrolled search path", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/358020/cti", "name": "VDB-358020 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/778851", "name": "Submit #778851 | Mobatek MobaXterm 26.1.0.5456 Uncontrolled Search Path -- DLL hijacking with msimg32.dll", "tags": ["third-party-advisory"]}, {"url": "https://drive.google.com/file/d/17bbNDzfoD3NNPlUMkSYs8bVzVbbwddnU/view", "tags": ["exploit"]}, {"url": "https://mobaxterm.mobatek.net/download-home-edition.html", "tags": ["related"]}, {"url": "https://download.mobatek.net/2622026032581854/MobaXterm_Installer_v26.2.zip", "tags": ["patch"]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 26.2 is able to mitigate this issue. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."}], "id": "CVE-2026-6421", "lastModified": "2026-04-17T06:16:30.367", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 1.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-17T06:16:30.367", "references": [{"source": "cna@vuldb.com", "url": "https://download.mobatek.net/2622026032581854/MobaXterm_Installer_v26.2.zip"}, {"source": "cna@vuldb.com", "url": "https://drive.google.com/file/d/17bbNDzfoD3NNPlUMkSYs8bVzVbbwddnU/view"}, {"source": "cna@vuldb.com", "url": "https://mobaxterm.mobatek.net/download-home-edition.html"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/778851"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358020"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358020/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}, {"lang": "en", "value": "CWE-427"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "26.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "26.1"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "26.2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "MobaXterm Home Edition", "source": "cna", "vendor": "Mobatek"}, "product": "mobaxterm_home_edition", "vendor": "mobatek"}], "analysis": {"en": {"generated_at": "2026-04-17T07:50:44.091550+00:00", "value": {"mitigation_remediation": ["Upgrade to MobaXterm Home Edition 26.2 or later, which removes the vulnerable msimg32.dll.", "Download and install MobaXterm only from Mobatek\u2019s official website to ensure the binary is untampered.", "If immediate upgrade is unavailable, isolate msimg32.dll by removing its directory from the system\u2019s DLL search path or placing the file in a protected, non-searchable location.", "Monitor system logs for unusual DLL load events that may indicate exploitation attempts."], "summary": {"action": "Apply Patch", "impact": "Uncontrolled DLL Search Path with potential local code execution"}, "threat_synthesis": {"affected_systems": "Mobatek\u2019s MobaXterm Home Edition up to version 26.1 is affected. The bundled msimg32.dll contains the flaw; installing the vendor\u2019s fixed release, version 26.2, removes the vulnerability.", "description_and_impact": "An uncontrolled search path vulnerability exists in the msimg32.dll component of Mobatek MobaXterm Home Edition. If an attacker can run code locally, they can influence the operating system's DLL resolution and load a malicious library in place of the legitimate one, allowing execution of arbitrary code with the rights of the MobaXterm user, potentially leading to privilege escalation or broader system compromise.", "risk_and_exploitability": "With a CVSS score of 7.3, the issue is considered high severity. The exploit has been publicly disclosed but requires local execution and a high complexity attack. Because EPSS data is unavailable and the vulnerability is not included in the KEV catalog, the likelihood of exploitation remains uncertain, yet the potential impact is significant. The prompt release of an updated version limits exposure for those who update quickly."}}}}, "created": "2026-04-17T08:00:11.082271+00:00", "updated": "2026-04-17T08:01:11.534876+00:00", "vendors": ["mobatek", "mobatek$PRODUCT$mobaxterm_home_edition"]}