9 matches found
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass due to the omission of SSH host verification options in the --proto-default process. An attacker can intercept or impersonate an SSH server by exploiting the lack of host verification during connection establishmen...
CVE-2026-12064
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
CVE-2026-12064
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
CVE-2026-12064 proto-default skips SSH verification
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
CVE-2026-12064
CVE-2026-12064 describes an issue in curl where using a schemeless URL with --proto-default for SFTP/SCP causes the tool layer to skip SSH security configuration (notably CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 and CURLOPT_SSH_KNOWNHOSTS ). The libcurl runtime honors the default protocol and proceeds ...
Curl 7.81.0 < 8.21.0 Proto-Default Skips SSH Verification
The version of curl installed on the remote host is 7.81.0 prior to 8.21.0. It is, therefore, affected by an improper host validation vulnerability: - When a user invokes curl using a schemeless URL combined with --proto-default sftp, a disconnect occurs that erroneously bypasses the initializati...
proto-default skips SSH verification
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
CURL-CVE-2026-12064 proto-default skips SSH verification
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
PT-2026-51744
Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description A disconnect between the tool layer and libcurl occurs when a user invokes curl with a schemeless URL and the --proto-default option set to sftp or scp. The tool layer incorrectly infers the URL...