CVE-2026-12064
CVE-2026-12064 affects curl versions including 7.81.0 prior to 8.21.0. When using a schemeless URL with --proto-default for SFTP/ SCP, the tool layer fails to initialize SSH host verification options (CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 and CURLOPT_SSH_KNOWNHOSTS) while libcurl proceeds with the c...