Updated: 2026-02-27 04:25:19.406628
Description:
When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | 0.0 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | curl | 7.76.1 | 0.0 | Released | CLSA-2026:1771501223 | 2026-02-19 12:32:53 | ||
| Alpine Linux 3.18 ELS | curl | 8.12.1 | 0.0 | Released | CLSA-2026:1772721939 | 2026-03-06 06:01:26 | ||
| CentOS 8.4 ELS | curl | 7.61.1 | 0.0 | In Testing | 2026-03-07 02:45:59 | |||
| CentOS 8.5 ELS | curl | 7.61.1 | 0.0 | In Testing | 2026-03-07 02:45:59 | |||
| CentOS Stream 8 ELS | curl | 7.61.1 | 0.0 | In Testing | 2026-03-06 16:47:12 | |||
| Debian 10 ELS | curl | 7.64.0 | 0.0 | In Testing | 2026-03-03 10:54:23 | |||
| TuxCare 9.6 ESU | curl | 7.76.1 | 0.0 | Released | CLSA-2026:1771501913 | 2026-02-19 12:32:50 | ||
| Ubuntu 16.04 ELS | curl | 7.47.0 | 0.0 | In Testing | 2026-03-06 16:19:04 | |||
| Ubuntu 18.04 ELS | curl | 7.58.0-2 | 0.0 | Needs Triage | 2026-02-04 08:32:42 | |||
| Ubuntu 20.04 ELS | curl | 7.68.0 | 0.0 | Needs Triage | 2026-02-04 08:32:47 |