CVE-2026-48851
3.1 LOWPuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between pr...
Published: 2026-05-25 · Last updated: 2026-05-27
Severity and scoring
- CVSS
- 3.1 LOW
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
- CWE
- CWE-451
Affected products
| Vendor | Product |
|---|---|
| putty | putty |
Description
PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-48852 — PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification (3.7 LOW)
- CVE-2026-48850 — PuTTY 0.72 before 0.84 has a double free in RSA KEX (3.7 LOW)
- CVE-2026-4115 — A vulnerability was detected in PuTTY 0.83 (3.7 LOW)
Same CWE
- CVE-2026-45650 — User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over ... (4.3 MEDIUM)
- CVE-2026-11300 — Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via ... (4.3 MEDIUM)
- CVE-2026-11294 — Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a ... (4.3 MEDIUM)
- CVE-2026-11286 — Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromise... (4.3 MEDIUM)
- CVE-2026-11285 — Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spo... (4.3 MEDIUM)