VYPR
Unrated severity · NVD Advisory · Published May 25, 2026

CVE-2026-48852

Description

PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

PuTTY versions 0.71 through 0.83 can be crashed by an assertion failure during ECDSA signature verification, allowing a malicious server or a man-in-the-middle to cause a denial of service.

Vulnerability

PuTTY versions 0.71 through 0.83 (before 0.84) contain an assertion failure in the elliptic curve arithmetic used during ECDSA signature verification [2]. The bug occurs when the code attempts to add two elliptic curve points with the same y-coordinate, which is a perfectly normal operation and should not trigger an assertion [2]. This assertion is present in the host key signature verification step during SSH key exchange [2].
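As an added illustration (not PuTTY's code, and not a claim about how PuTTY represents curve points): the elliptic-curve group law on a small constructed curve, with an over-broad "y-coordinates must differ" assertion placed beside the correct case split, and the regression check a maintainer would want for the equal-y case the advisory describes.

```python
# Added illustration, not PuTTY's code: point addition on a small prime-field
# curve (constructed: y^2 = x^3 + x + 1 mod 23) showing that two distinct points
# with the same y-coordinate is an ordinary case of the group law, so an
# assertion rejecting y1 == y2 is a defect in the check, not in the input.
P, A, B = 23, 1, 1
INF = None  # point at infinity

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0

def add(p1, p2):
    """Group law covering identity, inverse pair, doubling and the general chord."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:  # p2 == -p1 (also covers y == 0)
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # tangent (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P  # chord; slope 0 when y1 == y2
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)

def add_with_bad_assertion(p1, p2):
    """Same law behind a mistaken precondition: distinct points must differ in y."""
    if p1 is not INF and p2 is not INF and p1[0] != p2[0]:
        assert p1[1] != p2[1], "same y-coordinate"  # the incorrect check
    return add(p1, p2)

def equal_y_regression():
    """Regression check: distinct points with equal y must add without error."""
    p1, p2 = (5, 4), (6, 4)  # both on the curve, same y, different x
    result = add(p1, p2)
    try:
        add_with_bad_assertion(p1, p2)
        asserted = False
    except AssertionError:
        asserted = True
    return result, on_curve(result), asserted
```

The three points on the horizontal line y = 4 sum to the identity, so (5, 4) + (6, 4) is simply the negation of the third point, (12, 19); nothing about the input is malformed.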

Exploitation

An attacker with a network position capable of intercepting or impersonating the SSH server (i.e., a malicious server or a man-in-the-middle) can trigger the assertion failure by sending a carefully crafted host key and signature during the initial key exchange [2]. The malicious key and signature can be reused across attacks [2]. Crucially, the crash occurs before PuTTY checks the host key against its cache, so even a trusted server's connection can be disrupted by a MITM substituting the bogus data [2].

Impact

Successful exploitation causes PuTTY to crash with an assertion failure, resulting in a denial of service (DoS) [2]. The crash is abrupt and does not allow code execution or information disclosure [2]. While a MITM can always prevent a successful SSH connection, this attack specifically crashes the client rather than producing a graceful error message [2]. The vulnerability is considered minor because the practical impact is limited to a denial of service that a MITM could already achieve by other means [2].

Mitigation

The vulnerability is fixed in PuTTY version 0.84, released on May 22, 2026 [1][2]. Users should upgrade to PuTTY 0.84 or later. No workarounds are documented; the fix removes the erroneous assertion from the elliptic curve arithmetic [2]. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
