A memory disclosure flaw in the Squid web proxy’s FTP gateway has been disclosed as CVE-2026-47729, a moderate-severity vulnerability affecting Squid versions before 7.6. Researchers at Calif.io called the bug “Squidbleed” because it can expose stale memory from unrelated proxy transactions. Squid is a caching proxy used to handle HTTP, HTTPS, FTP and other network traffic. The project’s advisory assigns the vulnerability a CVSS score of 6.5, with high confidentiality impact and no listed impact