CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session.

low 3.1 CVSS 3.1
Published: May 25, 2026
Modified: May 27, 2026
Vendor: Putty
Product: Putty

Description

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session.

References

Related CVEs

CVE-2026-48850 low · 3.7
PuTTY 0.72 before 0.84 has a double free in RSA KEX.
CVE-2026-48852 low · 3.7
PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification.
CVE-2026-4115 low · 3.7
A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results