Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-12064

A flaw was found in curl. When a user invokes curl with a schemeless URL and specifies SFTP SSH File Transfer Protocol or SCP Secure Copy Protocol as the default protocol, the tool layer fails to initialize critical SSH security options. This bypasses host verification, allowing curl to connect t...

7.5CVSS5.9AI score0.00208EPSS
Exploits0References6
OSV
OSV
added 4 days ago2 views

ALPINE-CVE-2026-12064

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS6AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-12064

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS0.00208EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 4 days ago11 views

CVE-2026-12064

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS6AI score0.00208EPSS
Exploits0
Cvelist
Cvelist
added 4 days ago46 views

CVE-2026-12064 proto-default skips SSH verification

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

0.00208EPSS
Exploits0References3
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.5 views

proto-default skips SSH verification

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS6AI score0.00208EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2026/06/24 8:0 a.m.9 views

CURL-CVE-2026-12064 proto-default skips SSH verification

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS6AI score0.00208EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51744

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description A disconnect between the tool layer and libcurl occurs when a user invokes curl with a schemeless URL and the --proto-default option set to sftp or scp. The tool layer incorrectly infers the URL...

6.1AI score0.00208EPSS
Exploits0References5
Hacker One
Hacker One
added 2026/06/12 2:55 a.m.15 views

curl: CVE-2026-12064: proto-default skips SSH verification

Summary When a user invokes curl with a schemeless URL and --proto-default sftp or scp, the tool layer guesses the URL is HTTP and skips setting SSH security options CURLOPTSSHHOSTPUBLICKEYSHA256, CURLOPTSSHKNOWNHOSTS. However libcurl's runtime correctly applies --proto-default and connects via...

7.5CVSS5.9AI score0.00208EPSS
Exploits0
Rows per page
Query Builder