CVE-2026-48851

EUVD-2026-31731
PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session.
UI
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.1 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Affected Products (NVD)
VendorProductVersion
puttyputty
0.77 ≤
𝑥
< 0.84
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
putty
bookworm
no-dsa
bookworm (security)
vulnerable
bullseye
postponed
bullseye (security)
vulnerable
forky
0.84-1
fixed
sid
0.84-1
fixed
trixie
no-dsa