JLSEC-2026-424
- Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-424.md
- Import Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-424.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/JLSEC-2026-424
- Upstream
- Published
- 2026-05-04T13:12:06.605Z
- Modified
- 2026-05-04T13:32:21.077352773Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was...
- Details
-
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms.
This prevents curl from detecting MITM attackers and more.
- Database specific
{ "license": "CC-BY-4.0", "sources": [ { "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-10966", "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10966", "modified": "2026-01-20T14:57:03.173Z", "id": "CVE-2025-10966", "database_specific": { "status": "Analyzed" }, "imported": "2026-05-02T08:39:49.682Z", "published": "2025-11-07T08:15:39.617Z" }, { "imported": "2026-05-02T08:42:44.074Z", "html_url": "https://github.com/advisories/GHSA-5gff-h54g-38r2", "modified": "2025-11-10T21:31:38Z", "id": "GHSA-5gff-h54g-38r2", "url": "https://api.github.com/advisories/GHSA-5gff-h54g-38r2", "published": "2025-11-07T09:30:24Z" }, { "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2025-38240", "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-38240", "modified": "2025-11-10T20:26:07Z", "id": "EUVD-2025-38240", "imported": "2026-05-02T08:41:33.935Z", "published": "2025-11-07T07:26:30Z" } ] }- References