PuTTY Vulnerability: Insecure Trust Indication in TELNET Sessions
CVE-2026-48851

3.1LOW

Key Information:

Vendor: Putty
Status: Putty
Vendor: CVE Published:; 25 May 2026

What is CVE-2026-48851?

PuTTY versions 0.77 through 0.83 utilize a trust icon to signify trustworthiness during TELNET session data transfer. However, this trust indication is inadequately cleared between proxy authentication and the main session, allowing potential attackers to exploit the session. This oversight could lead to confusion regarding the actual trust status of data being communicated, resulting in potential security risks.

Affected Version(s)

PuTTY 0.77 < 0.84

References

https://lists.tartarus.org/pipermail/putty-announce/2026/...

https://www.chiark.greenend.org.uk/~sgtatham/putty/wishli...

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 25, 2026
Vulnerability Reserved
May 25, 2026

CVE-2026-48851 Data

JSON

Putty

What is CVE-2026-48851?

Affected Version(s)

References

CVSS V3.1

Timeline