CVE-2026-4115 in PuTTY
Summary
by MITRE • 03/22/2026
A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is told to be difficult. The exploit is now public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as af996b5ec27ab79bae3882071b9d6acf16044549. It is advisable to implement a patch to correct this issue. The vendor was contacted early, responded in a very professional manner and quickly released a patch for the affected product. However, at the moment there is no proof that this flaw might have any real-world impact.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 05/23/2026
The vulnerability in PuTTY 0.83 represents a critical cryptographic flaw within the Ed25519 signature verification mechanism, specifically affecting the eddsa_verify function located in crypto/ecc-ssh.c. This issue falls under the category of cryptographic verification failures that can compromise the integrity of digital signatures used in secure communications. The flaw manifests when the cryptographic signature verification process fails to properly validate Ed25519 signatures, potentially allowing malformed or malicious signatures to be accepted as valid. Such a vulnerability directly impacts the security posture of SSH connections that rely on Ed25519 key authentication, creating potential attack vectors for man-in-the-middle scenarios and unauthorized access attempts. The vulnerability's classification aligns with CWE-330, which addresses insufficient entropy in cryptographic operations, and CWE-327, which covers use of a broken cryptographic algorithm. From an attack perspective, this vulnerability requires remote exploitation with high complexity, indicating that attackers would need to craft specific malicious signatures and potentially overcome multiple security controls. The attack vector operates through network-based communication where an attacker could manipulate signature verification processes during SSH authentication. The complexity level of exploitation suggests that while the vulnerability exists, it requires significant technical expertise to leverage effectively, though the public availability of exploits has reduced the barrier to implementation. The vulnerability's existence has been confirmed through the patch identifier af996b5ec27ab79bae3882071b9d6acf16044549, which represents a specific code modification addressing the cryptographic verification flaw. The patch demonstrates that the vendor responded professionally and promptly to the security issue, releasing a fix that directly addresses the root cause of the problem. The vendor's response time and patch quality indicate a mature security response process, though the actual impact assessment remains uncertain. The lack of confirmed real-world exploitation attempts does not diminish the severity of the vulnerability, as cryptographic flaws of this nature can have cascading effects on security infrastructure. The vulnerability's potential impact extends beyond immediate authentication bypasses, as it could enable attackers to compromise the entire secure communication channel, particularly in environments where Ed25519 keys are extensively used. The technical flaw operates at the core cryptographic validation layer, making it particularly dangerous since it affects the fundamental trust model of SSH authentication protocols. The vulnerability's characteristics align with ATT&CK technique T1552.003, which covers credentials from password storage, and T1071.004, which addresses application layer protocols, as the flaw specifically impacts SSH protocol implementation. The security implications of this vulnerability extend to organizations that rely heavily on SSH for remote administration and secure communications, where the compromise of Ed25519 signature verification could lead to unauthorized system access and data breaches. The fact that this vulnerability was publicly disclosed while still under investigation indicates a potential security risk that organizations should address proactively, even though the immediate exploitation risk remains unclear. The patch implementation should be prioritized across all affected systems to prevent potential exploitation, as cryptographic vulnerabilities often remain undetected for extended periods before being actively exploited in the wild. Organizations should consider implementing additional monitoring for SSH authentication attempts and signature verification anomalies to detect potential exploitation attempts. The vulnerability's remediation process should include comprehensive testing of the patched version to ensure that the cryptographic signature verification functions correctly without introducing regressions in the SSH client functionality. The security community should remain vigilant for any reports of exploitation attempts or related vulnerabilities that might emerge from similar cryptographic implementation flaws in other SSH clients or cryptographic libraries.