CyberRota
← Ana sayfaya dön

CVE-2026-9547

UNKNOWN · CVSS N/A

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-03T07:16:25.990 · Çekilme zamanı: 2026-07-03T12:08:36.601426+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-9547
Severity
UNKNOWN
CVSS
N/A
EPSS
Yok

Orijinal NVD Açıklaması

When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for that host in the `known_hosts` file. Instead of rejecting the mismatch, the callback mechanism fails to properly enforce the restriction, allowing the connection to succeed without warning and risking a potential man-in-the-middle attack.