A buffer overflow in Squid’s FTP parser allows extraction of user data such as session tokens and API keys in shared proxy environments; Squid 7.6 (June 2026) fixes the vulnerability.
The time advantage between vulnerability discovery and successful exploitation is disappearing through automated exploit generation, making traditional severity-based patch management obsolete.