I'm disclosing three remote code execution (RCE) 0 days for KiTTY. KiTTY is a fork of PuTTY and has 20 million+ downloads. The vulnerability was introduced in the original release and is stable and reliable on Windows 11-Windows XP. Your sysadmin who likes cats and needs PuTTY is probably using it. The lead developer of KiTTY never replied after multiple contacts (see Timeline).
