libcurl would reuse a previously created connection even when an SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, two SSH settings were left out from the configuration match checks, making them match too easily.
Created curl tracking bugs for this issue: Affects: fedora-all [bug 2180435] Created mingw-curl tracking bugs for this issue: Affects: fedora-all [bug 2180437]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6679 https://access.redhat.com/errata/RHSA-2023:6679