Back to overview

CVE-2026-47729

MEDIUM
6.5
CVSS 3.1
Description
Squid is a caching proxy for the Web. Prior to 7.6, due to an improper validation of syntactic correctness of input in the FTP gateway (src/clients/FtpGateway.cc), Squid is vulnerable to an out-of-bounds read: when a listing entry date in the TypeA or TypeB directory-listing formats is not followed by a filename, parsing was not restricted to the input buffer, so a trusted client accessing a misbehaving FTP server through Squid's gateway feature could read memory from random unrelated transactions. This issue is fixed in version 7.6.

Metadata

CVE ID
CVE-2026-47729
State
PUBLISHED
Assigner
GitHub_M
Reserved
2026-05-19 21:29 UTC
Published
2026-07-16 16:13 UTC
Last updated
2026-07-16 16:13 UTC
Primary CWE
CWE-125
CWE-125: Out-of-bounds Read
Vendor / Product
squid-cache / squid
Sources
cve.org  ·  NVD

Severity & Metrics

6.5 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products (1)
VendorProductPlatformVersions
squid-cache squid < 7.6
Weakness (CWE)
CWESourceDescription
CWE-125 cna CWE-125: Out-of-bounds Read
CWE-1289 cna CWE-1289: Improper Validation of Unsafe Equivalence in Input
CVSS scores (1)
ScoreSeverityVersionSourceVector
6.5 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References (5)
Back to overview