Ghostwire

CVE-2026-47729: Squid is a caching proxy for the Web. Prior to 7.6, due to an improper validation of syntactic correctness of input in...

MEDIUM CVSS 0.0 Exploit Available 1 PoC

Published: July 16, 2026 | Last Modified: July 16, 2026

Description

Squid is a caching proxy for the Web. Prior to 7.6, due to an improper validation of syntactic correctness of input in the FTP gateway (src/clients/FtpGateway.cc), Squid is vulnerable to an out-of-bounds read: when a listing entry date in the TypeA or TypeB directory-listing formats is not followed by a filename, parsing was not restricted to the input buffer, so a trusted client accessing a misbehaving FTP server through Squid's gateway feature could read memory from random unrelated transactions. This issue is fixed in version 7.6.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Proof-of-Concept Exploits (1)

Security Coverage (6 articles)

References