GHSA-xq9p-gxg6-f7q6HighCVSS 7.4

When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the ...

Published
July 3, 2026
Last Modified
July 6, 2026

🔗 CVE IDs covered (1)

📋 Description

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPT_SSH_KEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for that host in the known_hosts file. Instead of rejecting the mismatch, the callback mechanism fails to properly enforce the restriction, allowing the connection to succeed without warning and risking a potential man-in-the-middle attack.

🔗 References (5)