Vulnerability in Curl
CVE-2026-9547
When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type…
Affected products
- Curl — versions 8.20.0, 8.19.0, 8.18.0