PT-2026-24077 · Mobaxterm+1 · Mobaxterm+1
Vulncheck
·
Published
2026-03-09
·
Updated
2026-05-13
·
CVE-2026-25866
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MobaXterm versions prior to 26.1
Description
The software contains an uncontrolled search path element issue. The application uses WinExec to launch Notepad++ without specifying the complete path to the executable when opening files from remote locations. An attacker could leverage this behavior by placing a malicious executable earlier in the system's search path, potentially leading to arbitrary code execution with the privileges of the user.
Recommendations
Update to version 26.1 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mobaxterm
Notepad++