PatchSiren

TeraTerm Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM TeraTerm Project CVE published 2026-07-17

CVE-2026-60060

CVE-2026-60060 Improper Handling of Length Parameter Inconsistency (CWE-130) vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. The vulnerability may allow the contents of adjacent memory regions to be transmitted to the server, and Tera Term may behav [truncated]

MEDIUM TeraTerm Project CVE published 2026-07-17

CVE-2026-58317

CVE-2026-58317 Unsigned to Signed Conversion Error vulnerability in TTSSH2 plugin of Tera Term. Out-of-bounds read/write may occur when establishing an SSH connection to a server set up by an attacker, potentially transmitting contents of adjacent memory regions. This may cause Tera Term to behave unexpectedly or terminate abnormally. Users should apply patches and verify Tera Term and TTSSH2 plugin versions.