CVE-2026-48851

LOW EPSS 12.9%
Published May 25, 20261mo ago · Modified Jun 17, 20261w ago
3.1 CVSS 3.1
Low
Find Similar
Published May 25, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session.

CVSS Details

Base Score
3.1
Exploitability
1.6
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality None
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
12.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-451

Affected Products 1

VendorProductVersionRange
puttyputty*≥0.77  –  <0.84

References 2

  • lists.tartarus.org https://lists.tartarus.org/pipermail/putty-announce/2026/000042.html
    Release Notes
  • chiark.greenend.org.uk https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/telnet-trust-sigil.html
    PatchVendor Advisory

Remediation

  • chiark.greenend.org.uk https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/telnet-trust-sigil.html
    PatchVendor Advisory