CVE-2026-48851

LOW

PuTTY < 0.84 - User Interface (UI) Misrepresentation of Critical Information

Title source: rule

Description

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session.

References (2)

Core 2

Core References

https://lists.tartarus.org/pipermail/putty-announce/2026/000042.html

https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/telnet-trust-sigil.html

Scores

CVSS v3 3.1

EPSS 0.0022

EPSS Percentile 12.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-451

Status published

Products (2)

PuTTY/PuTTY 0.77 - 0.84

putty/putty 0.77 - 0.84

Published May 25, 2026

Tracked Since May 26, 2026