Skip to main content

Squid CVE-2026-47729

MEDIUM
Out-of-bounds Read (CWE-125)
2026-06-12
6.5
CVSS 3.1 · Vendor
Share

Severity by source

Vendor (CNA) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from Vendor (CNA).

CVSS VectorVendor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
CVSS changed
Jul 16, 2026 - 17:22 NVD
6.5 (MEDIUM)
Analysis Generated
Jun 12, 2026 - 12:45 vuln.today

Description PRE-NVD

Disclosed via oss-security. NVD scoring and full description are pending.

AnalysisAI

Squid proxy server is affected by CVE-2026-47729, disclosed alongside CVE-2026-50012 in a single oss-security post dated 2026-06-12 by Amos Jeffries. This is a pre-NVD disclosure, meaning technical details, affected versions, CVSS scores, and patch information have not yet been published to the NVD. No exploit code has been identified at time of analysis, and CISA KEV status is not confirmed.

Technical ContextAI

Squid is a widely deployed open-source caching and forwarding HTTP/HTTPS proxy used in enterprise and ISP environments. It supports a broad range of protocols including HTTP, HTTPS, FTP, and TLS interception. The specific vulnerability class (CWE) for CVE-2026-47729 is NOT available in the provided data - no CWE, CPE, or technical description has been published. The co-disclosure with CVE-2026-50012 in a single oss-security thread by the same author (Amos Jeffries, a known Squid maintainer) suggests both issues may have been discovered or patched concurrently, but the relationship between them cannot be confirmed from available data.

Affected ProductsAI

The affected product is confirmed to be Squid proxy server, based on the oss-security thread subject line. No specific affected version range, CPE string, or platform constraint is available in the provided data. The vendor advisory or thread details at https://www.openwall.com/lists/oss-security/2026/06/12 should be consulted directly for version specifics. No NVD entry yet exists for this CVE to cross-reference CPE data.

RemediationAI

No patch version or vendor advisory with remediation guidance is available from the provided data. Organizations running Squid should monitor the oss-security thread at https://www.openwall.com/lists/oss-security/2026/06/12 and the official Squid security advisory page (https://www.squid-cache.org/Advisories/) for patch releases. As a general compensating control pending patch availability, operators should restrict external access to the Squid listener port to trusted source IP ranges only, and ensure Squid is not exposed directly to untrusted networks - however, the effectiveness of these mitigations depends on the actual attack vector, which is currently unknown. Patch status is: No vendor-released patch identified at time of analysis.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected
SUSE Linux Enterprise Module for Server Applications 15 SP7 Affected
SUSE Linux Enterprise Server 15 SP7 Affected
SUSE Linux Enterprise Server 16.0 Affected
SUSE Linux Enterprise Server 16.1 Affected

Share

CVE-2026-47729 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy