CVE-2026-48851 PUBLISHED

Assigner: mitre
Reserved: 25.05.2026 Published: 25.05.2026 Updated: 26.05.2026

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS Score: 3.1

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	Low
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	PuTTY
Product	PuTTY
Versions	Default: unaffected affected from 0.77 to 0.84 (excl.)

References

https://lists.tartarus.org/pipermail/putty-announce/2026/000042.html
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/telnet-trust-sigil.html

Problem Types

CWE-451 User Interface (UI) Misrepresentation of Critical Information CWE