PuTTY 0.84 Fixes SSH KEX Crashes and Telnet Spoofing Flaw

PuTTY 0.84 (released May 24, 2026) patches three security issues: an ECDSA signature-verification assertion causing silent SSH client crashes for NIST curves (DoS), a double-free in the RSA key-exchange handling that can be remotely triggered to crash the client, and a trust-sigil state bug that can cause Telnet sessions routed through authenticated proxies to inherit trusted prompts, enabling credential spoofing; an additional EdDSA oversized S-value item (CVE-2026-4115) was also addressed. Users — particularly those using Telnet via authenticated proxies — are advised to upgrade immediately.