Squid web proxy heap over-read security flaw (CVE-2026-47729)
Vulnerability
Summary
Squid web proxy is affected by CVE-2026-47729, a heap over-read that can leak another user's cleartext HTTP request, including credentials or session tokens, to another client on the same proxy.
Related Happenings
MongoDB CVE-2025-14847 active exploitation worldwide
Exploitation Wave
H score: 39
First: 29.12.2025 09:49
Last: 29.12.2025 09:49
Sources 1
About this happening:
**CVE-2025-14847** is being **actively exploited** against **MongoDB** deployments, putting a global pool of **87,000+** potentially susceptible instances at risk. The wave matter...
MongoDB Server CVE-2025-14847 mitigation advisory
Advisory/Mitigation
H score: 84
First: 24.12.2025 16:18
Last: 24.12.2025 16:18
Sources 1
About this happening:
MongoDB issued an **immediate mitigation advisory** for **CVE-2025-14847**, warning that **MongoDB Server** deployments face a **high-severity memory-read flaw** that **unauthenti...
Google Chrome CVE-2025-2783 active exploitation wave
Exploitation Wave
H score: 41
First: 28.10.2025 10:22
Last: 28.10.2025 10:22
Sources 1
About this happening:
**CVE-2025-2783** is being actively exploited in **Google Chrome** against organizations in **Russia and Belarus**, creating sandbox-escape and payload-delivery risk for exposed b...
Latest development: 17.12.2025 16:54
Kaspersky described a new Operation ForumTroll phishing wave targeting scholars in political science, international relations, and global economics at major Russian universities and research institutions with fake eLibrary emails from support@e-library[.]wiki, one-time links, and ZIP archives named <LastName>_<FirstName>_<Patronymic>.zip that run a LNK and PowerShell chain to fetch a DLL and deploy Tuoni for remote access.
Timeline
- 22.06.2026 17:29 (2 articles)
Calif.io discloses Squidbleed heap over-read in Squid web proxy
Initial Disclosure: Calif.io discloses Squidbleed (CVE-2026-47729), a heap over-read in the Squid web proxy that can leak another user's cleartext HTTP request, including credentials or session tokens, to another client already allowed to use the same proxy. The flaw traces to a 1997 FTP-parsing change, remains live in Squid's default configuration, has public proof-of-concept code, and carries mitigation guidance to verify the FtpGateway.cc fix or disable FTP where it is not needed.
Sources:
- 29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests — thehackernews.com — 22.06.2026 17:29