Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-9547

When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for that host in the `known_hosts` file. Instead of rejecting the mismatch, the callback mechanism fails to properly enforce the restriction, allowing the connection to succeed without warning and risking a potential man-in-the-middle attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 30.4%
CVSS Severity
CVSS v3 Score 7.4
Products affected by CVE-2026-9547
  • Haxx » Curl » Version: 7.69.0
    cpe:2.3:a:haxx:curl:7.69.0
  • Haxx » Curl » Version: 7.69.1
    cpe:2.3:a:haxx:curl:7.69.1
  • Haxx » Curl » Version: 7.70.0
    cpe:2.3:a:haxx:curl:7.70.0
  • Haxx » Curl » Version: 7.71.0
    cpe:2.3:a:haxx:curl:7.71.0
  • Haxx » Curl » Version: 7.71.1
    cpe:2.3:a:haxx:curl:7.71.1
  • Haxx » Curl » Version: 7.72.0
    cpe:2.3:a:haxx:curl:7.72.0
  • Haxx » Curl » Version: 7.73.0
    cpe:2.3:a:haxx:curl:7.73.0
  • Haxx » Curl » Version: 7.74.0
    cpe:2.3:a:haxx:curl:7.74.0
  • Haxx » Curl » Version: 7.75.0
    cpe:2.3:a:haxx:curl:7.75.0
  • Haxx » Curl » Version: 7.76.0
    cpe:2.3:a:haxx:curl:7.76.0
  • Haxx » Curl » Version: 7.76.1
    cpe:2.3:a:haxx:curl:7.76.1
  • Haxx » Curl » Version: 7.77.0
    cpe:2.3:a:haxx:curl:7.77.0
  • Haxx » Curl » Version: 7.78.0
    cpe:2.3:a:haxx:curl:7.78.0
  • Haxx » Curl » Version: 7.79.0
    cpe:2.3:a:haxx:curl:7.79.0
  • Haxx » Curl » Version: 7.79.1
    cpe:2.3:a:haxx:curl:7.79.1
  • Haxx » Curl » Version: 7.80.0
    cpe:2.3:a:haxx:curl:7.80.0
  • Haxx » Curl » Version: 7.81.0
    cpe:2.3:a:haxx:curl:7.81.0
  • Haxx » Curl » Version: 7.82.0
    cpe:2.3:a:haxx:curl:7.82.0
  • Haxx » Curl » Version: 7.83.0
    cpe:2.3:a:haxx:curl:7.83.0
  • Haxx » Curl » Version: 7.83.1
    cpe:2.3:a:haxx:curl:7.83.1
  • Haxx » Curl » Version: 7.84.0
    cpe:2.3:a:haxx:curl:7.84.0
  • Haxx » Curl » Version: 7.85.0
    cpe:2.3:a:haxx:curl:7.85.0
  • Haxx » Curl » Version: 7.86.0
    cpe:2.3:a:haxx:curl:7.86.0
  • Haxx » Curl » Version: 7.87.0
    cpe:2.3:a:haxx:curl:7.87.0
  • Haxx » Curl » Version: 7.88.0
    cpe:2.3:a:haxx:curl:7.88.0
  • Haxx » Curl » Version: 7.88.1
    cpe:2.3:a:haxx:curl:7.88.1
  • Haxx » Curl » Version: 8.0.0
    cpe:2.3:a:haxx:curl:8.0.0
  • Haxx » Curl » Version: 8.0.1
    cpe:2.3:a:haxx:curl:8.0.1
  • Haxx » Curl » Version: 8.1.0
    cpe:2.3:a:haxx:curl:8.1.0
  • Haxx » Curl » Version: 8.1.1
    cpe:2.3:a:haxx:curl:8.1.1
  • Haxx » Curl » Version: 8.1.2
    cpe:2.3:a:haxx:curl:8.1.2
  • Haxx » Curl » Version: 8.10.0
    cpe:2.3:a:haxx:curl:8.10.0
  • Haxx » Curl » Version: 8.10.1
    cpe:2.3:a:haxx:curl:8.10.1
  • Haxx » Curl » Version: 8.11.0
    cpe:2.3:a:haxx:curl:8.11.0
  • Haxx » Curl » Version: 8.11.1
    cpe:2.3:a:haxx:curl:8.11.1
  • Haxx » Curl » Version: 8.12.0
    cpe:2.3:a:haxx:curl:8.12.0
  • Haxx » Curl » Version: 8.12.1
    cpe:2.3:a:haxx:curl:8.12.1
  • Haxx » Curl » Version: 8.13.0
    cpe:2.3:a:haxx:curl:8.13.0
  • Haxx » Curl » Version: 8.14.0
    cpe:2.3:a:haxx:curl:8.14.0
  • Haxx » Curl » Version: 8.14.1
    cpe:2.3:a:haxx:curl:8.14.1
  • Haxx » Curl » Version: 8.15.0
    cpe:2.3:a:haxx:curl:8.15.0
  • Haxx » Curl » Version: 8.16.0
    cpe:2.3:a:haxx:curl:8.16.0
  • Haxx » Curl » Version: 8.17.0
    cpe:2.3:a:haxx:curl:8.17.0
  • Haxx » Curl » Version: 8.18.0
    cpe:2.3:a:haxx:curl:8.18.0
  • Haxx » Curl » Version: 8.2.0
    cpe:2.3:a:haxx:curl:8.2.0
  • Haxx » Curl » Version: 8.2.1
    cpe:2.3:a:haxx:curl:8.2.1
  • Haxx » Curl » Version: 8.4.0
    cpe:2.3:a:haxx:curl:8.4.0
  • Haxx » Curl » Version: 8.5.0
    cpe:2.3:a:haxx:curl:8.5.0
  • Haxx » Curl » Version: 8.6.0
    cpe:2.3:a:haxx:curl:8.6.0
  • Haxx » Curl » Version: 8.7.0
    cpe:2.3:a:haxx:curl:8.7.0
  • Haxx » Curl » Version: 8.7.1
    cpe:2.3:a:haxx:curl:8.7.1
  • Haxx » Curl » Version: 8.8.0
    cpe:2.3:a:haxx:curl:8.8.0
  • Haxx » Curl » Version: 8.9.0
    cpe:2.3:a:haxx:curl:8.9.0
  • Haxx » Curl » Version: 8.9.1
    cpe:2.3:a:haxx:curl:8.9.1


Contact Us

Shodan ® - All rights reserved