CVE-2026-47729 - Vulnerability Details - OpenCVE

A flaw was found in Squid. Due to improper input validation, an out-of-bounds read can occur in the FTP gateway. This issue allows an authenticated and trusted client to read memory from random transactions when accessing a misbehaving FTP server using the Squid gateway feature.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products

References

Link	Providers
https://github.com/squid-cache/squid/security/advisories/GHSA-8c37-pxjq-qwrg
https://nvd.nist.gov/vuln/detail/CVE-2026-47729
https://www.cve.org/CVERecord?id=CVE-2026-47729

History

Fri, 26 Jun 2026 00:15:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in Squid. Due to improper input validation, an out-of-bounds read can occur in the FTP gateway. This issue allows an authenticated and trusted client to read memory from random transactions when accessing a misbehaving FTP server using the Squid gateway feature.
Title		squid: memory disclosure in FTP gateway
Weaknesses		CWE-125
References		https://github.com/squid-cache/squid/security/advisories/GHSA-8c37-pxjq-qwrg https://nvd.nist.gov/vuln/detail/CVE-2026-47729 https://www.cve.org/CVERecord?id=CVE-2026-47729
Metrics	threat_severity `None`	cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}` threat_severity `Moderate`

MITRE

No data.

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Moderate

Publid Date: 2026-06-23T00:00:00Z

Links: CVE-2026-47729 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-26T01:30:17Z

{"bugzilla": {"description": "squid: memory disclosure in FTP gateway", "id": "2492882", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492882"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-125", "details": ["A flaw was found in Squid. Due to improper input validation, an out-of-bounds read can occur in the FTP gateway. This issue allows an authenticated and trusted client to read memory from random transactions when accessing a misbehaving FTP server using the Squid gateway feature."], "mitigation": {"lang": "en:us", "value": "When FTP access is not required, block FTP traffic at the proxy by adding the following settings to the squid.conf configuration file above any custom 'http_access allow' rules:\n~~~\nacl FTP proto FTP\nhttp_access deny FTP\n~~~\nWhen FTP access is required, configure Squid to only allow FTP access to specific and trusted destination domains. See the example below for restricting FTP access to the 'trusted.server.example.com' domain:\n~~~\nacl FTP proto FTP\nacl ftp_allowlist dstdomain .trusted.server.example.com\nhttp_access deny FTP !ftp_allowlist\n~~~"}, "name": "CVE-2026-47729", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "squid34", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "squid:4/squid", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-47729\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-47729\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-8c37-pxjq-qwrg"], "statement": "To exploit this issue, an attacker must have a valid account on the Squid proxy and must also control an FTP server reachable from the proxy on port 21. HTTPS traffic handled via CONNECT tunnels (the vast majority of modern web traffic) is opaque to the proxy because the underlying request data is encrypted and Squid does not have access to it. The impact is limited to information disclosure of cleartext HTTP request contents or traffic in TLS-terminating (SSL bump) proxy configurations where Squid decrypts and inspects traffic. FTP protocol usage has declined considerably in most environments since major browsers removed FTP support, further narrowing the practical attack surface. Due to these reasons, this vulnerability has been rated with a moderate severity.", "threat_severity": "Moderate"}