Mobatek: >> Mobaxterm >> 24.2 Security Vulnerabilities
MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable earlier in the search order, resulting in arbitrary code execution in the context of the affected user.
CVSS Score
8.5
EPSS Score
0.0
Published
2026-03-09