CVE-2026-4115 — Insufficient Verification of Data Authenticity in Putty

CWE-345 — Insufficient Verification of Data Authenticity CWE-347 — Improper Verification of Cryptographic Signature5 documents5 sources

Severity

6.3MEDIUMNVD

EPSS

0.0%

top 99.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Putty

Timeline

PublishedMar 22

Description

A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is told to be difficult. The exploit is now public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is ident…

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages1 packages

▶debiandebian/putty

🔴Vulnerability Details

GHSA

GHSA-p96h-94q2-fh5v: A vulnerability was detected in PuTTY 0↗2026-03-22

▶

OSV

CVE-2026-4115: A vulnerability was detected in PuTTY 0↗2026-03-22

▶

📋Vendor Advisories

Debian

CVE-2026-4115: putty - A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verif...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-4115 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶