Medium6.5Red Hat Linux Updated
memory disclosure in FTP gateway
CVE-2026-47729 Published Jun 23, 2026Updated by vendor Jun 23, 2026
Affected products & platforms
Red Hat LinuxUnclassified
Summary
memory disclosure in FTP gateway. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-125.
Mitigation checklist
Recommended fix / mitigation
- When FTP access is not required, block FTP traffic at the proxy by adding the following settings to the squid.conf configuration file above any custom 'http_access allow' rules: ~~~ acl FTP proto FTP http_access deny FTP ~~~ When FTP access is required, configure Squid to only allow FTP access to specific and trusted destination domains. See the example below for restricting FTP access to the 'trusted.server.example.com' domain: ~~~ acl FTP proto FTP acl ftp_allowlist dstdomain .trusted.server.example.com http_access deny FTP !ftp_allowlist ~~~
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.