Vulnerability in Curl
CVE-2026-12064
When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initial…
Affected products
- Curl — versions 8.20.0, 8.19.0, 8.18.0