Squid web proxy patch for CVE-2026-47729
Security Patch Release
Summary
Squid maintainers merged a null-terminator check for CVE-2026-47729 into the development branch and v7, closing the FTP-parser over-read that could expose shared proxy traffic. The patch lands in the code path that handled cleartext HTTP requests and embedded credentials or session tokens. Administrators still need to verify that their deployed build or distro backport includes the fix.
Related Happenings
F5 security patch release for CVE-2026-42530
Security Patch Release
H score 39
First: 18.06.2026 20:32
Last: 18.06.2026 20:32
Sources 1
About this happening:
**F5** released security updates for **NGINX Open Source** after finding **two critical vulnerabilities** that could lead to **remote code execution** on affected systems. The pat...
LiteLLM v1.83.14-stable security fix release (multiple vulnerabilities)
Security Patch Release
H score 42
First: 15.06.2026 19:39
Last: 15.06.2026 19:39
Sources 1
About this happening:
**BerriAI** shipped **LiteLLM v1.83.14-stable** to close a **three-CVE chain** that could let a low-privilege proxy user reach **full admin** and **run code on the server**. The u...
LiteLLM endpoint-hardening patch release (CVE-2026-42271)
Security Patch Release
H score 59
First: 09.06.2026 09:26
Last: 09.06.2026 09:26
Sources 1
About this happening:
BerriAI released **LiteLLM 1.83.7**, hardening access to the vulnerable **MCP test endpoints** that accepted full server configurations. The update now requires the **PROXY_ADMIN*...
Cisco Unified Communications Manager security update for CVE-2026-20230
Security Patch Release
H score 56
First: 04.06.2026 14:09
Last: 04.06.2026 14:09
Sources 1
About this happening:
Cisco released **security updates** for **Cisco Unified Communications Manager (Unified CM)** to fix **CVE-2026-20230**, a **critical** flaw that could let a remote attacker reach...
Cisco Secure Workload REST API patch release (CVE-2026-20223)
Security Patch Release
H score 55
First: 22.05.2026 08:36
Last: 22.05.2026 08:36
Sources 1
About this happening:
Cisco patched **CVE-2026-20223**, a **CVSS 10.0** Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...
Timeline
- 22.06.2026 17:29 · 2 articles · 2h ago
Squid merges null-terminator guard for CVE-2026-47729
Mitigation Patch Update
Squid maintainers merged a null-terminator check before the vulnerable strchr calls in the FTP directory-listing parser, addressing CVE-2026-47729 and reducing the heap over-read that could expose another user's cleartext HTTP request, credentials, or session tokens on shared proxy deployments. The fix landed in the development branch and v7, and downstream operators still need to verify that their installed build or distro backport includes the guard.
Sources:
- 29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests — thehackernews.com — 22.06.2026 17:29