PT-2026-26977 · Putty · Putty

Pythok

Published

2026-01-01

Updated

2026-05-25

CVE-2026-4115

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions PuTTY version 0.83

Description An issue exists in the Ed25519 Signature Handler component within the eddsa verify() function of the crypto/ecc-ssh.c file. This flaw allows for the improper verification of cryptographic signatures, which could be exploited remotely. The attack is characterized by high complexity and is considered difficult to execute.

Recommendations Apply the patch identified as af996b5ec27ab79bae3882071b9d6acf16044549 for version 0.83.

Exploit

Fix

Improper Verification of Cryptographic Signature

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347CWE-345

Related Identifiers

CVE-2026-4115

Affected Products

Putty

PT-2026-26977 · Putty · Putty

CVE-2026-4115

Weakness Enumeration

Related Identifiers

Affected Products

References · 19