PuTTY 0.84 fixes SSH crash bugs and a Telnet prompt spoofing issue

PuTTY 0.84 is now available with fixes for three minor security issues affecting SSH key exchange handling and Telnet or Rlogin session prompts. The update addresses two remotely triggerable crash bugs and one low-impact spoofing weakness tied to PuTTY’s trust sigil feature.

The PuTTY change log says version 0.84 was released on May 22, 2026. The official PuTTY 0.84 download page lists installers and standalone binaries for Windows, Windows on Arm, and Unix source builds.

The issues are not described as code execution flaws. However, they still matter because a malicious server or a man-in-the-middle attacker could crash the client before host key verification finishes, or trick users in a narrow Telnet proxy-authentication scenario.

What PuTTY 0.84 fixes

The release includes a fix for an ECDSA signature verification crash, a double-free bug in RSA key exchange, and incorrect trust-sigil behavior in Telnet and Rlogin sessions after proxy authentication.

PuTTY’s own notes describe the RSA key exchange bug as remotely triggerable but say there is no known way to exploit it for code execution. The ECDSA issue is also limited to a crash caused by an assertion failure.

The Telnet issue has a different impact. Instead of crashing the client, it could make a malicious server prompt look more trustworthy than it should, especially if the user connected through a proxy that asked for a password before the Telnet session began.

Key details at a glance

Item	Details
Release	PuTTY 0.84
Release date	May 22, 2026
Main fixes	RSA key exchange crash, ECDSA verification crash, Telnet trust-sigil spoofing issue
Highest likely impact	Client crash or user deception in narrow conditions
Code execution known?	No known code execution path disclosed
Recommended action	Upgrade to PuTTY 0.84

ECDSA crash could happen before host key checks

One fixed issue affects PuTTY’s NIST ECDSA signature verification. The ECDSA vulnerability note says PuTTY could fail an assertion while handling elliptic curve points with the same y-coordinate.

That mathematical case should not cause a client crash. However, a crafted host key and signature could trigger the failure during the initial SSH key exchange.

The timing is important because host key signature verification happens before PuTTY checks the host key against its cache. This means a man-in-the-middle attacker could swap in a bogus key and signature, then crash PuTTY before the user sees a host key warning.

The same PuTTY ECDSA advisory says the bug affects NIST curves P256, P384, and P521. Ed25519 and Ed448 are not affected by this particular issue.

RSA key exchange double-free causes another remote crash risk

The second SSH fix involves PuTTY’s implementation of RSA key exchange, a less commonly used method defined in RFC 4432. The bug affects versions 0.72 through 0.83.

According to the RSA key exchange advisory, the double-free happens only on an error-handling path. A malicious server can trigger it by offering only RSA key exchange, then sending an unexpectedly short key.

Because this also happens before host key verification, an on-path attacker could force the same condition. The realistic impact is denial of service, because the PuTTY team says it does not know any way to turn the double-free into a controlled exploit.

The PuTTY RSA KEX note credits Ben Smyth for reporting the issue and says the bug entered the code during 2019 work related to a test SSH server.

Telnet trust-sigil bug could spoof a password prompt

The third security fix affects PuTTY’s trust sigil, a small PuTTY icon shown beside client-generated prompts. The feature helps users tell real local prompts apart from text sent by a remote server.

The Telnet trust-sigil advisory says PuTTY did not properly clear the trusted state after proxy authentication in versions 0.83 and earlier. As a result, later Telnet or Rlogin session data could appear with trust sigils.

This could mislead a user if the first thing a malicious Telnet server or man-in-the-middle attacker sent was a fake request to re-enter a proxy password. The risk is small, but it still matters in environments that continue to use legacy protocols.

The same PuTTY Telnet note says the issue requires an old insecure login protocol such as Telnet, which limits the number of realistic attack scenarios.

CVE-2026-4115 was fixed, but its security impact is disputed

PuTTY 0.84 also includes a fix for EdDSA signature handling. This issue received CVE-2026-4115 from an external source, but the PuTTY maintainer does not consider it a real SSH client vulnerability.

The EdDSA bug note explains that PuTTY accepted Ed25519 and Ed448 signatures with an overlarge s value. That creates signature malleability, meaning someone with a valid signature could modify it into a different form that still verifies.

PuTTY’s analysis says this does not let an attacker create a signature for data they do not already have signed. It also argues that, in PuTTY’s SSH client use case, the issue does not create a practical security break.

The NVD entry for CVE-2026-4115 marks the record as disputed and notes that proof of real-world impact remains unclear.

Who should update PuTTY

Anyone using PuTTY, Plink, PSCP, PSFTP, Pageant, or related tools should update to version 0.84 when possible. The update is especially relevant for administrators who connect to untrusted servers, shared lab systems, third-party infrastructure, or old Telnet and Rlogin services.

Users can download the latest release from the official PuTTY 0.84 release page. Windows users should choose the right installer for their architecture and verify downloads when possible.

Enterprises should prioritize the update on jump boxes, administrator workstations, and systems used for remote server management. Even minor client crashes can interrupt troubleshooting, incident response, or maintenance work.

Recommended steps for administrators

• Upgrade PuTTY installations to version 0.84.
• Replace older PuTTY copies bundled in admin toolkits or shared folders.
• Discourage Telnet and Rlogin use where SSH is available.
• Check whether automation scripts use Plink or other PuTTY tools from old paths.
• Download installers only from official PuTTY distribution pages.
• Review environments where users connect through proxies before reaching legacy systems.

Why this update matters despite low severity

PuTTY 0.84 does not fix a headline-grabbing remote code execution bug. It fixes edge-case flaws that can still affect security and reliability in real environments.

The official PuTTY release notes make the scope clear: the SSH issues are crash bugs, while the Telnet and Rlogin issue involves misleading trust markers after proxy authentication.

The CVE-2026-4115 record also shows why technical context matters. A flaw can receive a CVE and still have disputed real-world impact in a specific protocol implementation.

For most users, the safest answer is simple. Install PuTTY 0.84, avoid Telnet where possible, and keep remote access clients updated alongside servers and network tools.

FAQ