
Security researchers at Calif.io have disclosed a memory leak vulnerability in Squid Proxy that has existed in the software since 1997.
Squid is a widely used open source web proxy that can reduce bandwidth and improve response times via caching. Squid supports HTTP, HTTPS, FTP, and other protocols.
Calif researchers discovered that Squid is affected by a vulnerability that is similar to the notorious OpenSSL vulnerability known as Heartbleed, which is why they have dubbed it Squidbleed.
Officially tracked as CVE-2026-47729, the vulnerability causes Squid’s FTP parser to read beyond the boundary of a memory buffer, into a region that may contain a previous user’s uncleared HTTP request data.
Exploitation requires the attacker to control an FTP server reachable from the proxy. Squidbleed poses the biggest risk in shared proxy environments, such as corporate networks, schools, and public Wi-Fi hotspots, where multiple users may route traffic via the same Squid instance.
An attacker with access to such a network could silently siphon HTTP request data belonging to other users, potentially capturing authentication credentials, session tokens, and API keys.
The exposure is limited to cleartext HTTP traffic and deployments where Squid terminates TLS. Standard HTTPS connections relayed as opaque CONNECT tunnels are not affected. While that reduces the overall attack surface, sensitive credentials can still travel in cleartext HTTP in many enterprise and legacy environments.
The vulnerability was discovered with the aid of Anthropic’s Claude Mythos AI model.
A patch was merged into Squid version 8 in April 2026 and shipped in version 7.6 in June 2026. The risk can be mitigated by disabling FTP support entirely if it’s not needed.
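For defenders triaging a fleet, the following added example (not from the article or the Squid project) checks a proxy's version banner and `squid.conf` for the mitigation described above. It assumes FTP is disabled with a `proto FTP` ACL denied in `http_access`, since the article does not say how to disable it; the function names and sample configs are constructed, and `include` files and distro backports are not considered.

```python
import re

# Constructed sample configs for illustration; not from a real deployment.
EXPOSED_CONF = """\
acl localnet src 10.0.0.0/8
http_access allow localnet
http_access deny all
"""
MITIGATED_CONF = """\
# block ftp:// before anything is allowed
acl localnet src 10.0.0.0/8
acl ftp_req proto FTP
http_access deny ftp_req
http_access allow localnet
http_access deny all
"""

def ftp_denied_first(conf_text):
    """True if an unconditional FTP deny precedes every http_access allow."""
    ftp_acls = set()
    for raw in conf_text.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        # "acl NAME proto FTP ..." defines an ACL matching ftp:// requests.
        if tok[0] == "acl" and len(tok) >= 4 and tok[2] == "proto":
            if any(v.upper() == "FTP" for v in tok[3:]):
                ftp_acls.add(tok[1])
        elif tok[0] == "http_access" and len(tok) >= 3:
            action, conds = tok[1], tok[2:]
            # http_access is first-match-wins, so rule order matters.
            if action == "deny" and len(conds) == 1 and conds[0] in ftp_acls:
                return True
            if action == "allow":
                return False  # some client may reach FTP before any deny
    return False

def at_least_7_6(version_banner):
    """Compare the 'squid -v' banner to 7.6 (ignores distro backports)."""
    m = re.search(r"Version (\d+)\.(\d+)", version_banner)
    if not m:
        raise ValueError("no version found in banner")
    return (int(m.group(1)), int(m.group(2))) >= (7, 6)

def needs_attention(version_banner, conf_text):
    """Flag hosts that are below 7.6 and do not deny FTP up front."""
    return not at_least_7_6(version_banner) and not ftp_denied_first(conf_text)
```

The check is deliberately conservative: a deny rule that carries extra conditions, or that appears after an allow rule, is not counted as a mitigation.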
Calif researchers also recently found a high-severity vulnerability in OpenSSL and a DoS attack technique called HTTP/2 Bomb, which allows an attacker to quickly knock web servers offline. Both vulnerabilities were discovered using AI.
https://www.securityweek.com/decades-old-squid-proxy-flaw-squidbleed-can-expose-user-data/


