Published:2026/07/16  Last Updated:2026/07/16

JVN#65294474
Multiple vulnerabilities in TTSSH2 plugin of Tera Term

Overview

TTSSH2 plugin of Tera Term provided by TeraTerm Project contains multiple vulnerabilities.

Products Affected

  • TTSSH2 1.00 alpha1 to 3.6.1
For information regarding the versions of Tera Term that include the affected TTSSH2, refer to the information provided by the developer.

Description

TTSSH2 plugin of Tera Term provided by TeraTerm Project contains the following vulnerabilities:

  • Unsigned to Signed Conversion Error (CWE-196)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N Base Score 5.1
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Base Score 6.3
    • CVE-2026-58317
  • Improper Handling of Length Parameter Inconsistency (CWE-130)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N Base Score 5.1
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Base Score 6.3
    • CVE-2026-60060

Impact

The following conditions may occur when Tera Term attempts to establish an SSH connection to a server set up by an attacker:

  • An out-of-bounds read may result in data from adjacent memory being treated as part of an incoming packet.
  • An out-of-bounds write may occur. The attacker cannot freely control the value written; only a temporary null-byte ('\0') write followed by restoration of the original value is possible.
As a result, the contents of adjacent memory regions may be transmitted to the server, and Tera Term may behave unexpected or terminate abnormally.

Solution

Update the Software
Update the software to the latest version in the Tera Term 5 series according to the information provided by the developer.
The developer has released the following version to address these vulnerabilities:

  • TTSSH2 3.6.2 (Tera Term 5.6.2)

Vendor Status

Vendor Link
TeraTerm Project TTSSH2 has out-of-bounds access vulnerability

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

CVE-2026-58317
Yukihiro Nakamura reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2026-60060
TeraTerm Project reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2026-58317
CVE-2026-60060
JVN iPedia JVNDB-2026-000099