CVE-2026-48851 | THREATINT

Description

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session.

PUBLISHED Reserved 2026-05-25 | Published 2026-05-25 | Updated 2026-05-26 | Assigner mitre

LOW: 3.1CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Problem types

CWE-451 User Interface (UI) Misrepresentation of Critical Information

Product status

Default status

unaffected

0.77 (custom) before 0.84

affected

References

lists.tartarus.org/pipermail/putty-announce/2026/000042.html

www.chiark.greenend.org.uk/...shlist/telnet-trust-sigil.html

cve.org (CVE-2026-48851)

nvd.nist.gov (CVE-2026-48851)

Download JSON