Vulnerability in libcurl affecting SCP and SFTP connections
CVE-2026-9547
Currently unrated
What is CVE-2026-9547?
A security vulnerability exists in libcurl when it handles connections over the SCP and SFTP protocols. It is caused by the mishandling of server host key types that do not match the expected keys stored in the known_hosts file. The flaw allows a libcurl-based application to connect to an untrusted server without raising an alert, potentially exposing users to man-in-the-middle attacks. Proper validation mechanisms are essential to prevent unauthorized access and protect data integrity during file transfers.
Affected Version(s)
curl 8.20.0
curl 8.19.0
curl 8.18.0
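An added check, not part of the original advisory or the curl project's code: the shell function below reads `curl --version` output and reports whether the libcurl build is one of the versions listed above and has SCP or SFTP enabled. The function name and the sample output are constructed, and matching only the three listed versions is an assumption, since the page does not say whether other versions are affected.

```shell
#!/bin/sh
# Versions this page lists as affected (assumption: the list may not be exhaustive).
AFFECTED_VERSIONS="8.18.0 8.19.0 8.20.0"

# Constructed sample of `curl --version` output, for illustration only.
SAMPLE_CURL_VERSION='curl 8.19.0 (x86_64-pc-linux-gnu) libcurl/8.19.0 OpenSSL/3.0.13 zlib/1.3 libssh2/1.11.0
Release-Date: [constructed]
Protocols: dict file ftp ftps http https scp sftp
Features: alt-svc HSTS IPv6 SSL'

# Hypothetical helper. Reads `curl --version` output on stdin.
# Returns 0 = listed version with SCP/SFTP, 1 = not exposed per this page, 2 = unparseable.
check_cve_2026_9547() {
    input=$(cat)
    # Use the libcurl/X.Y.Z token: the library version can differ from the tool's.
    libver=$(printf '%s\n' "$input" | sed -n '1s#.*libcurl/\([0-9][0-9.]*\).*#\1#p')
    if [ -z "$libver" ]; then
        echo "unknown: no libcurl/<version> token on the first line"
        return 2
    fi
    # Only builds with an SSH backend expose the SCP/SFTP code path.
    ssh_protos=""
    for p in $(printf '%s\n' "$input" | sed -n 's/^Protocols: *//p' | tr 'A-Z' 'a-z'); do
        case "$p" in
            scp|sftp) ssh_protos="$ssh_protos $p" ;;
        esac
    done
    listed=no
    for v in $AFFECTED_VERSIONS; do
        if [ "$v" = "$libver" ]; then listed=yes; fi
    done
    if [ "$listed" = yes ] && [ -n "$ssh_protos" ]; then
        echo "exposed: libcurl $libver with$ssh_protos"
        return 0
    elif [ "$listed" = yes ]; then
        echo "not exposed: libcurl $libver is listed but has no SCP/SFTP support"
    else
        echo "not listed: libcurl $libver is not in this page's affected versions"
    fi
    return 1
}

# Usage: curl --version | check_cve_2026_9547
```

Applications that link libcurl statically or bundle their own copy will not be reflected by the system `curl` binary, so run the check against each bundled build.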
