NVD Vulnerability Details: CVE-2026-9547
Received
Source: 2499f714-1537-4658-8207-48ae4bb9eae9
Published At: 03 Jul, 2026 | 07:16
Updated At: 03 Jul, 2026 | 07:16

When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for that host in the `known_hosts` file. Instead of rejecting the mismatch, the callback mechanism fails to properly enforce the restriction, allowing the connection to succeed without warning and risking a potential man-in-the-middle attack.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type | Version | Base score | Base severity | Vector
CPE Matches

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
Hyperlink: https://curl.se/docs/CVE-2026-9547.html
Source: 2499f714-1537-4658-8207-48ae4bb9eae9
Resource: N/A
Hyperlink: https://curl.se/docs/CVE-2026-9547.json
Source: 2499f714-1537-4658-8207-48ae4bb9eae9
Resource: N/A
Hyperlink: https://hackerone.com/reports/3751712
Source: 2499f714-1537-4658-8207-48ae4bb9eae9
Resource: N/A
Change History
0 changes found