Assertion Failure in ECDSA Signature Verification in PuTTY by Simon Tatham
CVE-2026-48852

3.7LOW

Key Information:

Vendor: Putty
Status: Putty
Vendor: CVE Published:; 25 May 2026

What is CVE-2026-48852?

An assertion failure in ECDSA signature verification in PuTTY versions before 0.84 poses potential security implications, as attackers could exploit this flaw to disrupt normal operations of the application. Proper handling of these signature verifications is crucial to maintaining the integrity and reliability of secure connections. Users of the affected versions are advised to update to the latest version promptly to mitigate any risks associated with this vulnerability.

Affected Version(s)

PuTTY 0.71 < 0.84

References

https://lists.tartarus.org/pipermail/putty-announce/2026/...

https://www.chiark.greenend.org.uk/~sgtatham/putty/wishli...

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 25, 2026
Vulnerability Reserved
May 25, 2026

CVE-2026-48852 Data

JSON

Putty

What is CVE-2026-48852?

Affected Version(s)

References

CVSS V3.1

Timeline