PatchSiren cyber security CVE debrief
CVE-2026-47729 squid-cache CVE debrief
CVE-2026-47729 is an out-of-bounds read vulnerability in Squid's FTP gateway feature. The issue arises from improper validation of syntactic correctness of input in the FTP gateway. This vulnerability allows a trusted client accessing a misbehaving FTP server through Squid's gateway feature to read memory from random unrelated transactions. The issue is fixed in Squid version 7.6. Affected deployments should prioritize updates.
- Vendor
- squid-cache
- Product
- squid
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-16
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-16
- Advisory updated
- 2026-07-16
Who should care
Users of Squid versions prior to 7.6 who utilize the FTP gateway feature should be aware of this vulnerability. This includes administrators of Squid servers, especially those providing caching proxy services for the web. Vulnerability management and security teams should review and prioritize updates.
Technical summary
The vulnerability is caused by an improper validation of syntactic correctness of input in the FTP gateway of Squid. Specifically, when a listing entry date in the TypeA or TypeB directory-listing formats is not followed by a filename, parsing was not restricted to the input buffer. This allows a trusted client accessing a misbehaving FTP server through Squid's gateway feature to read memory from random unrelated transactions. The issue has been fixed in Squid version 7.6. Technical impact is related to potential memory exposure.
Defensive priority
Medium priority should be given to updating Squid to version 7.6, especially for servers utilizing the FTP gateway feature. Additional security measures such as restricting access and monitoring should be considered for enhanced protection against potential threats related to this vulnerability. Compensating controls may be necessary for exposed systems during remediation planning and verification phases. Monitoring and detection capabilities should be reviewed for exposed assets requiring extra review. Exceptions and retesting of remediated assets should be tracked, and items should only be closed after evidence of successful remediation is documented. Asset inventory management may be necessary to identify potentially affected systems. Rollback and change window planning may be required for updates. Source tracking may be useful for verifying affected scope and vendor guidance compliance. Vulnerability management processes should include review of CVE and NVD information for affected products and versions. Security teams should assess operational impact based on affected product context and defensive impact based on technical framing of the vulnerability without unsupported root-cause or exploit claims. This vulnerability has a CVSS score of 6.5 and a severity of MEDIUM, indicating a moderate level of risk that should be addressed in a timely manner but not necessarily immediately. The NVD entry is currently Undergoing Analysis, which may affect the availability of detailed information for risk assessment. Therefore, defenders should focus on vendor guidance and compensating controls while awaiting further analysis. The vulnerability affects Squid's FTP gateway feature, which may not be widely used but could pose a significant risk if exploited. Therefore, a thorough review of system configurations and usage of the FTP gateway feature is recommended to assess potential exposure. Additionally, implementing monitoring and detection capabilities for anomalies in FTP server interactions could help in early detection of potential exploitation attempts. Overall, while the vulnerability is not extremely critical, it poses a moderate risk that should be addressed with
Recommended defensive actions
- Update Squid to version 7.6 or later
- Restrict access to the FTP gateway feature to only trusted clients
- Monitor FTP server interactions for anomalies
- Implement additional security measures for Squid server protection
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-16T17:16:57.217Z and was last modified on 2026-07-16T17:36:21.340Z. The NVD entry is currently Undergoing Analysis. The vulnerability has a CVSS score of 6.5 and a severity of MEDIUM. Evidence is limited to CVE and NVD information. Defenders should verify Squid version usage and FTP gateway feature utilization.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T17:16:57.217Z and has not been modified since then. The NVD entry is currently Undergoing Analysis.