CVE-2025-10966 | cURL up to 8.16.0 SFTP Host key exchange without entity authentication (b011e3fcfb06d6c027859)

A vulnerability labeled as critical has been found in cURL up to 8.16.0. Affected is an unknown function of the component SFTP Host Handler. Executing manipulation can lead to key exchange without entity authentication.

The identification of this vulnerability is CVE-2025-10966. The attack may be launched remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More