CVE-2026-48851 LOW

CVE-2026-48851

Vendor Putty
Product PuTTY
Weakness CWE-451
Published May 25, 2026
Last update May 26, 2026

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session.

Key dates

02Disclosure timeline

May 25, 2026 CVE published
May 26, 2026 Record updated