What is CVE-2026-6421?

CVE-2026-6421 is a high-severity vulnerability in Mobatek Mobaxterm Home Edition, classified under Untrusted Search Path. CVSS score: 7.0/10. Published 2026-04-17.

How severe is CVE-2026-6421?

High severity. CVSS v3 base score is 7.0 out of 10.

Vulnerability in Mobatek Mobaxterm Home Edition

CVE-2026-6421

A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The attack is…

EPSS: 0.000 (0.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.0 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Mobatek Mobaxterm Home Edition — versions 26.0, 26.1, 26.2

Weakness classification (CWE)

References

VDB-358020 | Mobatek MobaXterm Home Edition msimg32.dll uncontrolled search path (vdb-entry)
VDB-358020 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #778851 | Mobatek MobaXterm 26.1.0.5456 Uncontrolled Search Path -- DLL hijacking with msimg32.dll (third-party-advisory)
cna@vuldb.com (exploit)
cna@vuldb.com (related)
cna@vuldb.com (patch)

Frequently asked questions

What is CVE-2026-6421?: CVE-2026-6421 is a high-severity vulnerability in Mobatek Mobaxterm Home Edition, classified under Untrusted Search Path. CVSS score: 7.0/10. Published 2026-04-17.
How severe is CVE-2026-6421?: High severity. CVSS v3 base score is 7.0 out of 10.