CVE-2026-9547 in cURL
Summary
by MITRE • 07/03/2026
When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for that host in the `known_hosts` file. Instead of rejecting the mismatch, the callback mechanism fails to properly enforce the restriction, allowing the connection to succeed without warning and risking a potential man-in-the-middle attack.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 07/03/2026
This vulnerability resides within the libcurl library's handling of secure shell connections through scp and sftp protocols where the application employs the CURLOPT_SSH_KEYFUNCTION callback mechanism. The flaw manifests when a server presents a host key that does not align with the previously recorded key type for that specific host within the known_hosts file. This represents a critical security weakness that undermines the fundamental trust model of secure shell communications and exposes applications to potential man-in-the-middle attacks.
The technical implementation issue stems from how libcurl processes the SSH key verification process when the CURLOPT_SSH_KEYFUNCTION callback is in use. Normally, when a host key mismatch occurs between what the server presents and what is stored in the known_hosts file, the system should reject the connection outright to prevent unauthorized access. However, this vulnerability allows the callback mechanism to fail in its enforcement role, creating a scenario where applications may silently accept potentially malicious host keys without alerting the user or application developer. This failure occurs specifically during the key type validation phase where libcurl does not properly cross-reference the presented key type against the stored key type for that host.
The operational impact of this vulnerability is significant for any application that relies on libcurl for secure file transfers over scp or sftp protocols, particularly those that implement custom SSH key handling through the CURLOPT_SSH_KEYFUNCTION callback. An attacker who can intercept network traffic between a client and server could potentially present an alternative host key type that does not match what the client expects, allowing them to establish a false connection while remaining undetected. This creates a persistent risk for applications where security is paramount such as automated backup systems, configuration management tools, or any enterprise infrastructure relying on secure file transfers. The vulnerability essentially renders the known_hosts file protection mechanism ineffective when certain callback functions are employed.
The flaw aligns with CWE-295 which addresses improper certificate validation and can be categorized under ATT&CK technique T1071.004 for application layer protocol execution. This vulnerability directly impacts the integrity of SSH host key verification, allowing attackers to bypass security controls that should prevent unauthorized access. Organizations using libcurl-based applications with scp/sftp functionality are at risk of credential theft, data exfiltration, or system compromise if they rely on the known_hosts file for host authentication. The silent failure mode makes this vulnerability particularly dangerous as it provides no warning to administrators or application users that a security breach may have occurred.
Mitigation strategies should include immediate upgrades to libcurl versions that address this specific flaw in host key validation. System administrators should review all applications using libcurl with SCP/SFTP functionality and ensure they are not relying on the vulnerable CURLOPT_SSH_KEYFUNCTION callback when proper host key verification is required. Additional controls such as implementing strict SSH configuration options, monitoring for unexpected host key changes, and conducting regular security audits of automated file transfer processes can help detect potential exploitation attempts. Organizations should also consider implementing network-level protections such as firewall rules that restrict access to known good hosts and ensure that all ssh connections are properly validated before establishing trust relationships with remote servers.