🟠 High  |  Source: Microsoft Security Response Center


CVE-2026-47729 is a memory disclosure vulnerability in Squid’s FTP gateway component, meaning an attacker could potentially extract sensitive data from memory during FTP proxying operations. This affects Azure environments where Squid is used as a proxy. Memory disclosure flaws can expose credentials, session tokens, or other sensitive data that should not be accessible to an attacker.

Security Architect’s Take: Audit any Azure workloads running Squid as an FTP proxy and apply vendor patches immediately; if Squid is not explicitly required for FTP gateway functionality, consider disabling that feature or replacing Squid with a patched alternative to reduce attack surface.

Original advisory: CVE-2026-47729 Squid: Memory disclosure in FTP gateway