The report behind the latest #curl CVE is now disclosed: hackerone.com/reports/3355218
curl disclosed on HackerOne: CVE-2025-10966: missing SFTP host...
## Summary: When curl is built with the wolfSSH backend, the SSH/SFTP implementation in `lib/vssh/wolfssh.c` performs no server host key verification and exposes no host identity options in the...HackerOne
El Pamplina πΊπ¦ π΅πΈ
in reply to daniel:// stenberg:// • • •Cornelius K. 📎
in reply to daniel:// stenberg:// • • •