Squid Proxy Vulnerability "Squidbleed" Exposes Sensitive Data Since 1997
Security researchers at Calif.io have uncovered a critical memory leak vulnerability in Squid Proxy, dubbed Squidbleed (CVE-2026-47729), which has persisted in the software since 1997. The flaw mirrors the infamous Heartbleed bug, allowing attackers to read beyond memory buffer boundaries in Squid’s FTP parser, potentially exposing sensitive data from prior HTTP requests.
Squid is a widely deployed open-source web proxy that caches and optimizes traffic for protocols like HTTP, HTTPS, and FTP, and it is commonly found in corporate networks, schools, and public Wi-Fi hotspots. The vulnerability poses the greatest risk in shared proxy environments, where an attacker controlling an FTP server could silently harvest authentication credentials, session tokens, and API keys from other users.
The exposure is limited to cleartext HTTP traffic and deployments where Squid terminates TLS. While HTTPS traffic relayed via CONNECT tunnels remains unaffected, many enterprises and legacy systems still transmit sensitive data over unencrypted HTTP, expanding the potential attack surface.
The flaw was identified with assistance from Anthropic’s Claude Mythos AI model. A patch was integrated into Squid version 8 in April 2026 and backported to version 7.6 in June 2026. Organizations can mitigate the risk by disabling FTP support if unused.
This discovery follows Calif.io’s recent AI-assisted findings, including a high-severity OpenSSL vulnerability and the HTTP/2 Bomb denial-of-service technique. The firm continues to leverage AI in vulnerability research, highlighting its growing role in cybersecurity threat detection.
Source: https://www.securityweek.com/decades-old-squid-proxy-flaw-squidbleed-can-expose-user-data/
Squid HTTP Proxy project cybersecurity rating report: https://www.rankiteo.com/company/squid-http-proxy-project
{
  "id": "SQU1782148033",
  "linkid": "squid-http-proxy-project",
  "type": "Vulnerability",
  "date": "4/2026",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': 'Corporate networks, schools, '
                                              'public Wi-Fi hotspots',
                        'industry': 'Technology/Proxy Services',
                        'name': 'Squid Proxy',
                        'type': 'Software'}],
 'attack_vector': 'FTP parser exploitation',
 'data_breach': {'data_encryption': 'Limited to cleartext HTTP traffic',
                 'data_exfiltration': 'Potential',
                 'personally_identifiable_information': 'Potential',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Authentication credentials, '
                                             'session tokens, API keys'},
 'date_resolved': '2026-06',
 'description': 'Security researchers at Calif.io have uncovered a critical '
                'memory leak vulnerability in Squid Proxy, dubbed Squidbleed '
                '(CVE-2026-47729), which has persisted in the software since '
                '1997. The flaw mirrors the infamous Heartbleed bug, allowing '
                'attackers to read beyond memory buffer boundaries in Squid’s '
                'FTP parser, potentially exposing sensitive data from prior '
                'HTTP requests. The vulnerability poses the greatest risk in '
                'shared proxy environments, where an attacker controlling an '
                'FTP server could silently harvest authentication credentials, '
                'session tokens, and API keys from other users.',
 'impact': {'data_compromised': 'authentication credentials, session tokens, '
                                'API keys',
            'identity_theft_risk': 'High',
            'systems_affected': 'Squid Proxy versions prior to 7.6 and 8'},
 'investigation_status': 'Resolved',
 'post_incident_analysis': {'corrective_actions': 'Patch development and '
                                                  'deployment, disabling FTP '
                                                  'support as mitigation',
                            'root_causes': 'Memory leak in Squid’s FTP parser '
                                           'since 1997'},
 'recommendations': 'Disable FTP support if unused, upgrade to patched '
                    'versions (7.6 or 8), avoid transmitting sensitive data '
                    'over unencrypted HTTP',
 'references': [{'source': 'Calif.io'}],
 'response': {'containment_measures': 'Disabling FTP support if unused',
              'remediation_measures': 'Patch integrated into Squid version 8 '
                                      '(April 2026) and backported to version '
                                      '7.6 (June 2026)',
              'third_party_assistance': 'Calif.io, Anthropic’s Claude Mythos '
                                        'AI model'},
 'title': "Squid Proxy Vulnerability 'Squidbleed' Exposes Sensitive Data Since "
          '1997',
 'type': 'Memory Leak Vulnerability',
 'vulnerability_exploited': 'Squidbleed (CVE-2026-47729)'}