🔐 CVE Alert

CVE-2026-9547

UNKNOWN 0.0

SSH improper host validation

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for that host in the `known_hosts` file. Instead of rejecting the mismatch, the callback mechanism fails to properly enforce the restriction, allowing the connection to succeed without warning and risking a potential man-in-the-middle attack.

Vendor curl
Product curl
Published Jul 3, 2026
Stay Ahead of the Next One

Get instant alerts for curl curl

Be the first to know when new unknown vulnerabilities affecting curl curl are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

curl / curl
8.20.0 ≤ 8.20.0 8.19.0 ≤ 8.19.0 8.18.0 ≤ 8.18.0 8.17.0 ≤ 8.17.0 8.16.0 ≤ 8.16.0 8.15.0 ≤ 8.15.0 8.14.1 ≤ 8.14.1 8.14.0 ≤ 8.14.0 8.13.0 ≤ 8.13.0 8.12.1 ≤ 8.12.1 8.12.0 ≤ 8.12.0 8.11.1 ≤ 8.11.1 8.11.0 ≤ 8.11.0 8.10.1 ≤ 8.10.1 8.10.0 ≤ 8.10.0 8.9.1 ≤ 8.9.1 8.9.0 ≤ 8.9.0 8.8.0 ≤ 8.8.0 8.7.1 ≤ 8.7.1 8.7.0 ≤ 8.7.0 8.6.0 ≤ 8.6.0 8.5.0 ≤ 8.5.0 8.4.0 ≤ 8.4.0 8.3.0 ≤ 8.3.0 8.2.1 ≤ 8.2.1 8.2.0 ≤ 8.2.0 8.1.2 ≤ 8.1.2 8.1.1 ≤ 8.1.1 8.1.0 ≤ 8.1.0 8.0.1 ≤ 8.0.1 8.0.0 ≤ 8.0.0 7.88.1 ≤ 7.88.1 7.88.0 ≤ 7.88.0 7.87.0 ≤ 7.87.0 7.86.0 ≤ 7.86.0 7.85.0 ≤ 7.85.0 7.84.0 ≤ 7.84.0 7.83.1 ≤ 7.83.1 7.83.0 ≤ 7.83.0 7.82.0 ≤ 7.82.0 7.81.0 ≤ 7.81.0 7.80.0 ≤ 7.80.0 7.79.1 ≤ 7.79.1 7.79.0 ≤ 7.79.0 7.78.0 ≤ 7.78.0 7.77.0 ≤ 7.77.0 7.76.1 ≤ 7.76.1 7.76.0 ≤ 7.76.0 7.75.0 ≤ 7.75.0 7.74.0 ≤ 7.74.0 7.73.0 ≤ 7.73.0 7.72.0 ≤ 7.72.0 7.71.1 ≤ 7.71.1 7.71.0 ≤ 7.71.0 7.70.0 ≤ 7.70.0 7.69.1 ≤ 7.69.1 7.69.0 ≤ 7.69.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗
curl.se: https://curl.se/docs/CVE-2026-9547.json curl.se: https://curl.se/docs/CVE-2026-9547.html hackerone.com: https://hackerone.com/reports/3751712

Credits

Joshua Rogers (Aisle Research) Joshua Rogers (Aisle Research)