CVE-2026-48850
PuTTY RSA Key Exchange Double Free Vulnerability
Publication date: 2026-05-25
Last updated on: 2026-05-25
Assigner: MITRE
Description
CVSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| putty | putty | up to 0.84 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-415 | The product calls free() twice on the same memory address. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a double free issue in the RSA key exchange (KEX) component of PuTTY versions 0.72 through 0.83. A double free occurs when a program attempts to free the same memory location twice, which can lead to undefined behavior, including crashes or potential exploitation.
How can this vulnerability impact me?
The impact of this vulnerability is limited to availability, as indicated by the CVSS score. It can cause a denial of service by crashing the application due to improper memory handling. There is no indication that confidentiality or integrity are affected.