Squidbleed Vulnerability Exposes Cleartext HTTP Requests Through 29-Year-Old Squid Proxy Flaw


A newly disclosed vulnerability in the widely used Squid web proxy has raised security concerns after researchers revealed that the flaw can expose another user’s cleartext HTTP requests, including sensitive credentials and session tokens. The issue, named Squidbleed and tracked as CVE-2026-47729, was disclosed by researchers at Calif.io in June 2026. The vulnerability draws comparisons to the Heartbleed incident due to its ability to leak memory contents through a heap over-read condition. According to the researchers, the flaw has remained present in Squid’s default configuration for nearly three decades, originating from an FTP parsing change introduced in 1997. While the vulnerability does not allow attacks from arbitrary internet hosts, it can be exploited by individuals who already have permission to use the same proxy server, making shared environments such as schools, offices, universities, and public Wi-Fi networks particularly relevant risk areas.

The vulnerability affects traffic that Squid can directly inspect. Standard HTTPS communications remain largely protected because they travel through encrypted CONNECT tunnels that prevent Squid from viewing their contents. However, cleartext HTTP traffic and environments where Squid is configured to decrypt and inspect TLS traffic may be exposed. Researchers explained that an attacker must also operate an FTP server accessible through port 21, which remains enabled by default in Squid installations. The flaw resides within Squid’s FTP directory listing parser, specifically in legacy code designed to support older NetWare servers that inserted extra spaces into directory listings. A whitespace handling loop fails to properly stop when it reaches a string terminator under certain conditions. If an attacker crafts a malicious FTP directory listing that ends immediately after a timestamp without a filename, the parser continues reading memory beyond the intended buffer boundary. As a result, internal memory contents can be copied and returned to the attacker as if they were legitimate filenames.

Researchers noted that the leaked data becomes particularly valuable because Squid reuses memory buffers without clearing their contents. A memory block that previously stored another user’s HTTP request may still contain headers, authentication details, session cookies, and other information. Since the malicious FTP response only overwrites a small portion of the memory region, the parser’s over-read behavior can reveal the remaining data. Calif.io demonstrated the impact by extracting an Authorization header belonging to another user connected through the same proxy, providing enough information to impersonate that individual. Although proof-of-concept exploit code has been publicly released, researchers stated that there have been no confirmed reports of active exploitation at the time of disclosure. The vulnerability has nevertheless attracted attention because of its age, the simplicity of exploitation under the right conditions, and the widespread deployment of Squid across enterprise and institutional networks.

Security experts are advising administrators to verify that systems are properly patched rather than relying solely on software version numbers. Guidance surrounding the fix initially created some confusion after Squid maintainer Amos Jeffries first indicated that version 7.6 contained the correction before later clarifying that version 7.7 included the official fix. Subsequent analysis by Debian developer Salvatore Bonaccorso suggested that the relevant code changes may already be present in Debian’s Squid 7.6 package through backporting. The patch itself introduces a null-terminator validation check before the vulnerable string handling operation and was merged into the development branch in April before reaching version 7 in May. Researchers also recommend disabling FTP functionality entirely where possible, noting that modern browsers such as Chromium removed FTP support years ago and that many organizations have little operational need for the protocol today. SUSE has assigned the vulnerability a moderate severity rating with a CVSS score of 6.5, reflecting the requirement for proxy access and the fact that the issue affects confidentiality rather than system integrity or availability. Calif.io further disclosed that Anthropic’s Claude Mythos Preview, the artificial intelligence model powering Project Glasswing, identified the parser issue during analysis, highlighting the growing role of AI-assisted security research in uncovering long-standing software flaws.
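To make the parser failure described earlier and the null-terminator check described in this paragraph concrete, here is an added C model written for this article. It is not Squid’s source code and does not reproduce Squid’s actual directory-listing parser; the eight-field listing layout, the `skip_field_vuln` and `skip_field_fixed` helpers, the chunk size, and the stale request bytes are all constructed assumptions. The vulnerable helper steps over the field separator without first checking for the string terminator, so a line that ends immediately after the timestamp lets the rest-of-line filename copy run into bytes left over from the buffer’s previous use; the hardened helper checks for the terminator before advancing and rejects the line instead.

```c
/* Constructed illustration of a terminator-skipping over-read in a
 * directory-listing parser, beside its hardened form. Not Squid's code. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define CHUNK 128   /* size of the simulated reusable heap buffer (assumption) */

/* Simulated heap chunk. The scenario in the article is a chunk that is reused
 * without being cleared, so bytes after the new content's terminator can still
 * hold part of an earlier user's HTTP request. */
struct chunk { char buf[CHUNK]; };

/* Constructed sample of what an earlier use of the chunk left behind. */
const char *STALE_REQUEST =
    "GET /login HTTP/1.1\r\nHost: intranet.example\r\n"
    "Authorization: Basic dXNlcjpzM2NyM3Q=\r\n";

/* Constructed listing lines: one ends right after the timestamp with no name. */
const char *MALFORMED_LISTING = "-rw-r--r-- 1 ftp ftp 42 Jun 12 10:00";
const char *NORMAL_LISTING    = "-rw-r--r-- 1 ftp ftp 42 Jun 12 10:00 report.pdf";

/* Fill the chunk with stale data, then overwrite only its start with the
 * (shorter) listing line and its NUL terminator, as a reused buffer would. */
static void prepare_chunk(struct chunk *c, const char *stale, const char *listing)
{
    memset(c->buf, 0, sizeof c->buf);
    strncpy(c->buf, stale, sizeof c->buf - 1);
    size_t n = strlen(listing);
    if (n >= sizeof c->buf) n = sizeof c->buf - 1;
    memcpy(c->buf, listing, n);
    c->buf[n] = '\0';
}

/* Vulnerable variant: skips a field and the separator after it, tolerating
 * runs of extra spaces. If the field ended at the terminator, "p++" steps
 * over the NUL and the caller keeps reading whatever follows it. */
static const char *skip_field_vuln(const char *p)
{
    while (*p != ' ' && *p != '\0') p++;   /* skip the field itself */
    p++;                                   /* step over separator; also skips a NUL */
    while (*p == ' ') p++;                 /* tolerate extra spaces */
    return p;
}

/* Hardened variant: the terminator is checked before the pointer advances,
 * and a line that runs out of fields is rejected rather than read past. */
static const char *skip_field_fixed(const char *p)
{
    while (*p != ' ' && *p != '\0') p++;
    if (*p == '\0') return NULL;           /* line ended early: no separator to skip */
    p++;
    while (*p == ' ') p++;
    if (*p == '\0') return NULL;           /* trailing spaces but nothing after them */
    return p;
}

/* Parse one line: eight fields, then the rest of the line is the filename.
 * Returns 0 and fills `name`, or -1 if the hardened parser rejects the line. */
static int parse_name(const char *line, char *name, size_t namelen, int hardened)
{
    const char *p = line;
    for (int i = 0; i < 8; i++) {
        p = hardened ? skip_field_fixed(p) : skip_field_vuln(p);
        if (p == NULL) return -1;
    }
    snprintf(name, namelen, "%s", p);      /* vulnerable path: p may be past the NUL */
    return 0;
}

/* Parse `listing` placed in a chunk that previously held STALE_REQUEST. */
int parse_in_reused_chunk(const char *listing, int hardened, char *name, size_t namelen)
{
    struct chunk c;
    prepare_chunk(&c, STALE_REQUEST, listing);
    return parse_name(c.buf, name, namelen, hardened);
}

/* 1 if the vulnerable parser's "filename" for the malformed line contains the
 * stale Authorization header, else 0. */
int vuln_leaks_authorization(void)
{
    char name[CHUNK];
    if (parse_in_reused_chunk(MALFORMED_LISTING, 0, name, sizeof name) != 0) return 0;
    return strstr(name, "Authorization: Basic") != NULL;
}

/* 1 if the hardened parser rejects the malformed line. */
int hardened_rejects_malformed(void)
{
    char name[CHUNK];
    return parse_in_reused_chunk(MALFORMED_LISTING, 1, name, sizeof name) == -1;
}

/* 1 if the hardened parser still handles a well-formed line correctly. */
int hardened_parses_normal(void)
{
    char name[CHUNK];
    return parse_in_reused_chunk(NORMAL_LISTING, 1, name, sizeof name) == 0
        && strcmp(name, "report.pdf") == 0;
}

int main(void)
{
    char name[CHUNK];
    parse_in_reused_chunk(MALFORMED_LISTING, 0, name, sizeof name);
    printf("vulnerable parser returned name: %s\n", name);
    printf("hardened parser rejects malformed line: %d\n", hardened_rejects_malformed());
    printf("hardened parser parses normal line: %d\n", hardened_parses_normal());
    return 0;
}
```

Built with `cc -Wall demo.c`, the program shows the vulnerable variant returning a "filename" that is really the tail of the stale request, while the hardened variant returns an error for the same line and still parses a well-formed one. Independently of the patch, the mitigation the researchers recommend, turning FTP off, is expressed in squid.conf with an `acl` of type `proto FTP` followed by an `http_access deny` rule for it, together with removing port 21 from the default `Safe_ports` ACL.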
