Multiple Vulnerabilities in Squid Proxy (CVE-2026-47729, CVE-2026-50012)
Multiple vulnerabilities, including CVE-2026-47729 and CVE-2026-50012, have been identified in Squid proxy versions prior to 7.6, allowing an attacker to compromise data confidentiality and cause other unspecified security issues.
What's new
- l2 added CVE-2026-47729 +1 Jul 18, 07:05 via msrc
On June 23, 2026, the French National Agency for the Security of Information Systems (ANSSI) CERT-FR issued an advisory highlighting multiple vulnerabilities, identified as CVE-2026-47729 and CVE-2026-50012, in Squid proxy software. These vulnerabilities affect all Squid versions prior to 7.6. An unspecified attacker could exploit these flaws to achieve data confidentiality impairment and other undefined security problems. The presence of these vulnerabilities poses a significant risk to organizations using vulnerable Squid instances, as they could lead to unauthorized access to sensitive information flowing through the proxy or stored on the server. Defenders must prioritize patching to mitigate potential exploitation and safeguard network traffic integrity.
Attack Chain
- An attacker identifies a publicly accessible Squid proxy server running a vulnerable version (prior to 7.6).
- The attacker crafts and sends a specially malformed HTTP request or a series of requests to the vulnerable Squid server, targeting either CVE-2026-47729 or CVE-2026-50012.
- The Squid proxy's vulnerable component processes the malicious request without proper validation or sanitization.
- Successful exploitation of the vulnerability grants the attacker unauthorized access to internal data or network traffic handled by the proxy.
- This access leads to the impairment of data confidentiality, allowing the attacker to read or capture sensitive information.
- The attacker leverages the compromised access to potentially exfiltrate sensitive data from the targeted network.
- Exploitation may also trigger other unspecified security issues within the Squid proxy environment, potentially leading to further compromise.
Impact
The identified vulnerabilities in Squid versions prior to 7.6 can lead to a significant compromise of data confidentiality. While the source does not specify victim counts or targeted sectors, any organization utilizing Squid as a proxy, especially for sensitive data transmission, is at risk. Successful exploitation could result in unauthorized access to internal network communications, user credentials, and other proprietary information. The "unspecified security problem" further indicates potential for broader adverse effects beyond just data leakage, such as service disruption or further network penetration. The absence of specific exploit details prevents a precise enumeration of consequences, but the general risk to data confidentiality is high.
Recommendation
- Immediately update all Squid proxy installations to version 7.6 or later, as recommended in the Squid security bulletins linked in this brief.
- Ensure network segmentation and firewall rules are in place to restrict access to Squid proxy instances to only necessary sources, limiting the attack surface for CVE-2026-47729 and CVE-2026-50012.
- Deploy the latest security patches for CVE-2026-47729 and CVE-2026-50012 by following the vendor's documentation at the provided GitHub advisory URLs.