CVE-2026-4115— PuTTY Ed25519 Signature ecc-ssh.c eddsa_verify signature verification

CVSS 3.7 · Low EPSS 0.02% · P4 Updated Mar 23, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-4115

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

PuTTY Ed25519 Signature ecc-ssh.c eddsa_verify signature verification

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is told to be difficult. The exploit is now public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as af996b5ec27ab79bae3882071b9d6acf16044549. It is advisable to implement a patch to correct this issue. The vendor was contacted early, responded in a very professional manner and quickly released a patch for the affected product. However, at the moment there is no proof that this flaw might have any real-world impact.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

密码学签名的验证不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

PuTTY 数据伪造问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

PuTTY是Simon Tatham个人开发者的一套免费的Telnet、Rlogin和SSH客户端软件。该软件主要用于对Linux系统进行远程管理。 PuTTY 0.83版本存在数据伪造问题漏洞，该漏洞源于Ed25519签名处理组件中的加密签名验证不当，可能导致远程攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	PuTTY	0.83	`cpe:2.3:a:putty:putty::::::::`

II. Public POCs for CVE-2026-4115

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-4115

请登录查看更多情报信息。

Same Patch Batch · n/a · 2026-03-22 · 7 CVEs total

CVE-2026-4562	7.3 HIGH	MacCMS Timming API Endpoint Timming.php weak authentication
CVE-2026-4542	5.4 MEDIUM	SSCMS layerImage Endpoint LayerImageController.Submit.cs path traversal
CVE-2026-4538	5.3 MEDIUM	PyTorch pt2 Loading deserialization
CVE-2026-4531	5.3 MEDIUM	Free5GC AMF handler.go HandleRegistrationComplete denial of service
CVE-2026-4563	4.3 MEDIUM	MacCMS Member Order Detail User.php order_info authorization
CVE-2026-4539	3.3 LOW	pygments archetype.py AdlLexer redos

IV. Related Vulnerabilities

Same vendor: n/a

Same weakness: CWE-347

V. Comments for CVE-2026-4115

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-4115— PuTTY Ed25519 Signature ecc-ssh.c eddsa_verify signature verification

I. Basic Information for CVE-2026-4115

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-4115

III. Intelligence Information for CVE-2026-4115

Same Patch Batch · n/a · 2026-03-22 · 7 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-4115

Leave a comment