๐Ÿ” CVE Alert

CVE-2026-60060

MEDIUM 6.3
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th

Improper Handling of Length Parameter Inconsistency (CWE-130) vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. As a result, the contents of adjacent memory regions may be transmitted to the server, and Tera Term may behave unexpected or terminate abnormally.

Vendor teraterm project
Product ttssh2
Published Jul 17, 2026
Stay Ahead of the Next One

Get instant alerts for teraterm project ttssh2

Be the first to know when new medium vulnerabilities affecting teraterm project ttssh2 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Versions

TeraTerm Project / TTSSH2
1.00 alpha1 โ‰ค 3.6.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
teratermproject.github.io: https://teratermproject.github.io/SA/JVN65294474-en.html teratermproject.github.io: https://teratermproject.github.io/SA/JVN65294474.html jvn.jp: https://jvn.jp/en/jp/JVN65294474/