CVE-2026-48852

LOW

PuTTY < 0.84 - Reachable Assertion

Title source: rule

PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification.

Core 2

Core References

CVSS v3 3.7

EPSS 0.0027

EPSS Percentile 18.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

CWE

CWE-617

Status published

Products (2)

PuTTY/PuTTY 0.71 - 0.84

putty/putty 0.71 - 0.84

Published May 25, 2026

Tracked Since May 26, 2026