CVE-2026-60060 in TTSSH2
Summary
by MITRE • 07/17/2026
Improper Handling of Length Parameter Inconsistency (CWE-130) vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. As a result, the contents of adjacent memory regions may be transmitted to the server, and Tera Term may behave unexpected or terminate abnormally.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 07/17/2026
The vulnerability described represents a critical improper handling of length parameter inconsistency that affects the TTSSH2 plugin within the Tera Term terminal emulation software suite. This flaw falls under CWE-130, which specifically addresses issues where programs fail to properly validate or handle length parameters in data structures, leading to potential memory corruption and security implications. The vulnerability manifests when Tera Term attempts to establish secure shell connections to maliciously configured servers, creating an environment where attacker-controlled inputs can manipulate the software's memory handling routines.
The technical execution of this vulnerability occurs through the inconsistent treatment of length parameters during SSH connection establishment protocols. When Tera Term processes incoming data from a compromised server, the TTSSH2 plugin fails to properly validate the boundaries of expected data lengths, resulting in out-of-bounds read and write operations. This memory corruption can cause the application to access memory regions beyond its intended boundaries, potentially exposing sensitive information stored in adjacent memory locations. The vulnerability's impact extends beyond simple information disclosure, as it can trigger unpredictable application behavior including crashes, unexpected termination, or even potential code execution scenarios when combined with other exploit techniques.
The operational implications of this vulnerability are severe for organizations relying on Tera Term for remote system administration and network connectivity. Attackers can leverage this weakness to perform reconnaissance activities by extracting memory contents from the vulnerable application, potentially discovering sensitive information such as authentication tokens, session data, or other confidential materials stored in adjacent memory regions. The abnormal termination behavior also presents a denial of service vector that could disrupt critical administrative operations, particularly in environments where secure remote access is essential for system maintenance and monitoring tasks. This vulnerability directly impacts the integrity and availability of network management workflows that depend on stable terminal emulation software.
Organizations should implement immediate mitigations including updating to patched versions of Tera Term and TTSSH2 plugin as provided by the TeraTerm Project, applying security patches from their respective vendors, and implementing network segmentation controls to limit exposure to potentially malicious servers. The vulnerability's characteristics align with ATT&CK technique T1071.004 for application layer protocol manipulation and T1566 for phishing attacks targeting remote access tools, making it particularly dangerous in environments where users may inadvertently connect to compromised servers during routine administrative tasks. Additionally, organizations should consider implementing network monitoring solutions to detect unusual outbound data patterns that might indicate exploitation attempts, as the memory disclosure aspects of this vulnerability could provide attackers with valuable information for subsequent attack phases within their target networks.