Warning – Potential security breach!

This message, followed by “The server’s host key does not match the one WinSCP has in cache”, means that WinSCP has connected to the SSH server before, knows what its host key should be, but has found a different one.

This may mean that a malicious attacker has replaced your server with a different one, or has redirected your network connection to their own machine. On the other hand, it may simply mean that the administrator of your server has accidentally changed the key while upgrading the SSH software; this shouldn’t happen but it is unfortunately possible. Another legitimate reason for the host key change is that the address, you are connecting to, load balances to a set of SSH servers. If that’s the case, use Add button to build a list of known host keys, instead of using Update.

You should contact your server’s administrator and see whether they expect the host key to have changed. If so, verify the new host key in the same way as you would if it was new.1

Read more about verifying host keys.