CVE-2026-47729 - Vulnerability Details

Description

A flaw was found in Squid. Due to improper input validation, an out-of-bounds read can occur in the FTP gateway. This issue allows an authenticated and trusted client to read memory from random transactions when accessing a misbehaving FTP server using the Squid gateway feature.

Published: n/a

Score: 6.5 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in Squid’s FTP gateway allows an authenticated, trusted client to trigger an out‑of‑bounds read. This memory disclosure can reveal data from random transactions. The weakness originates from improper input validation and is classified as CWE‑125, which may expose sensitive information read from memory.

Affected Systems

All installations of the Squid caching proxy that enable the FTP gateway feature are affected. No specific version range is supplied, so users should examine their version and compare it against the advisory for the fix.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate risk. EPSS is not available and the vulnerability is not listed in CISA KEV. Exploitation requires an authenticated client with access to the FTP gateway, so only users with legitimate credentials and trusted network positions could leverage this weakness to read arbitrary memory.

No data.

Vendor Product Confidence Versions

Squid-cache

Squid

80%

Version	Status	Scheme	Platform
`—`	affected	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update Squid to the latest version that contains the patch for the FTP gateway out‑of‑bounds read.
If an upgrade cannot be performed immediately, disable the FTP gateway feature or restrict its use to trusted networks only.
Limit authentication to authorized clients and, if feasible, eliminate FTP traffic through Squid to mitigate potential exposure.

Generated by OpenCVE AI on June 26, 2026 at 01:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DSA	DSA-6360-1	squid security update

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/squid-cache/squid/security/advisories/GHSA-8c37-pxjq-qwrg
https://nvd.nist.gov/vuln/detail/CVE-2026-47729
https://www.cve.org/CVERecord?id=CVE-2026-47729

History

Fri, 26 Jun 2026 06:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Squid-cache Squid-cache squid
Vendors & Products		Squid-cache Squid-cache squid

Fri, 26 Jun 2026 00:15:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in Squid. Due to improper input validation, an out-of-bounds read can occur in the FTP gateway. This issue allows an authenticated and trusted client to read memory from random transactions when accessing a misbehaving FTP server using the Squid gateway feature.
Title		squid: memory disclosure in FTP gateway
Weaknesses		CWE-125
References		https://github.com/squid-cache/squid/security/advisories/GHSA-8c37-pxjq-qwrg https://nvd.nist.gov/vuln/detail/CVE-2026-47729 https://www.cve.org/CVERecord?id=CVE-2026-47729
Metrics	threat_severity `None`	cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}` threat_severity `Moderate`

Subscriptions

Squid-cache Squid

MITRE

No data.

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Moderate

Publid Date: 2026-06-23T00:00:00Z

Links: CVE-2026-47729 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-26T05:45:04Z

Weaknesses

CWE-125
Out-of-bounds Read

{"bugzilla": {"description": "squid: memory disclosure in FTP gateway", "id": "2492882", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492882"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-125", "details": ["A flaw was found in Squid. Due to improper input validation, an out-of-bounds read can occur in the FTP gateway. This issue allows an authenticated and trusted client to read memory from random transactions when accessing a misbehaving FTP server using the Squid gateway feature."], "mitigation": {"lang": "en:us", "value": "When FTP access is not required, block FTP traffic at the proxy by adding the following settings to the squid.conf configuration file above any custom 'http_access allow' rules:\n~~~\nacl FTP proto FTP\nhttp_access deny FTP\n~~~\nWhen FTP access is required, configure Squid to only allow FTP access to specific and trusted destination domains. See the example below for restricting FTP access to the 'trusted.server.example.com' domain:\n~~~\nacl FTP proto FTP\nacl ftp_allowlist dstdomain .trusted.server.example.com\nhttp_access deny FTP !ftp_allowlist\n~~~"}, "name": "CVE-2026-47729", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "squid34", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "squid:4/squid", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-47729\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-47729\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-8c37-pxjq-qwrg"], "statement": "To exploit this issue, an attacker must have a valid account on the Squid proxy and must also control an FTP server reachable from the proxy on port 21. HTTPS traffic handled via CONNECT tunnels (the vast majority of modern web traffic) is opaque to the proxy because the underlying request data is encrypted and Squid does not have access to it. The impact is limited to information disclosure of cleartext HTTP request contents or traffic in TLS-terminating (SSL bump) proxy configurations where Squid decrypts and inspects traffic. FTP protocol usage has declined considerably in most environments since major browsers removed FTP support, further narrowing the practical attack surface. Due to these reasons, this vulnerability has been rated with a moderate severity.", "threat_severity": "Moderate"}

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object