PatchSiren cyber security CVE debrief
CVE-2026-9547 curl CVE debrief
A libcurl-based application performing transfers via `SCP://` or `SFTP://` and utilizing the `CURLOPT_SSH_KEYFUNCTION` callback may silently accept an untrusted server. This occurs when a server presents a host key type that does not match the specific key type already recorded for that host in the `known_hosts` file. The vulnerability allows the connection to succeed without warning, potentially leading to a man-in-the-middle attack. Developers and users of libcurl-based applications should be aware of this issue and take steps to mitigate it.
- Vendor
- curl
- Product
- Unknown
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-03
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-03
- Advisory updated
- 2026-07-07
Who should care
Developers and users of libcurl-based applications that utilize the `CURLOPT_SSH_KEYFUNCTION` callback and transfer data via `SCP://` or `SFTP://` should be aware of this vulnerability and take steps to mitigate it. This includes reviewing and updating affected applications, implementing additional security measures, and monitoring for potential attacks.
Technical summary
The vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for that host in the `known_hosts` file. Instead of rejecting the mismatch, the callback mechanism fails to properly enforce the restriction, allowing the connection to succeed without warning and risking a potential man-in-the-middle attack. This issue affects libcurl-based applications using the `CURLOPT_SSH_KEYFUNCTION` callback for `SCP://` or `SFTP://` transfers.
Defensive priority
High
Recommended defensive actions
- Review and update libcurl-based applications to ensure they properly handle host key type mismatches.
- Implement additional security measures, such as verifying the host key type before establishing a connection.
- Monitor for and respond to potential man-in-the-middle attacks.
- Conduct a thorough review of affected systems and apply patches or mitigations as necessary.
- Verify the integrity of connections using `SCP://` or `SFTP://` protocols.
- Update documentation and training for developers and users on secure usage of libcurl.
- Perform regular security audits to detect and address potential vulnerabilities.
Evidence notes
The CVE record was published on 2026-07-03T07:16:25.990Z and was last modified on 2026-07-07T14:52:29.503Z. The NVD entry is currently Analyzed. This information is based on the provided source corpus and may not reflect the full scope of affected systems or potential impacts. Further verification is recommended to ensure accurate understanding of this vulnerability.
Official resources
-
CVE-2026-9547 CVE record
CVE.org
-
CVE-2026-9547 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
2499f714-1537-4658-8207-48ae4bb9eae9 - Patch, Vendor Advisory
-
Mitigation or vendor reference
2499f714-1537-4658-8207-48ae4bb9eae9 - Vendor Advisory
-
Mitigation or vendor reference
2499f714-1537-4658-8207-48ae4bb9eae9 - Exploit, Issue Tracking, Third Party Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-03T07:16:25.990Z and has not been modified since then. The NVD entry is currently Analyzed.