Ethical Hacking News

Squidbleed: A 29-Year-Old Squid Proxy Flaw Exposed



Squidbleed is a recent vulnerability in the Squid proxy software that allows attackers to leak sensitive information such as user credentials and HTTP data through memory overread. Researchers discovered the bug and reported it as CVE-2026-47729, emphasizing its potential risks for widespread exploitation. Organizations using Squid must prioritize updating their systems with the latest patches or disabling FTP support to mitigate the attack surface.

  • Squidbleed is a memory-overread vulnerability in the Squid proxy software that can leak sensitive information such as user credentials and HTTP data.
  • The bug, CVE-2026-47729, occurs when the Squid proxy reads past the end of a memory buffer and hands the contents over to whoever requested the listing.
  • The impact lies in its potential for widespread exploitation, particularly in environments with shared proxies or FTP servers.
  • Disabling FTP support can remove the attack surface entirely.
  • Patches have been merged into Squid version 8 and shipped in version 7.6 to fix the vulnerability.



    Squidbleed, a recently discovered memory-overread vulnerability in the Squid proxy software, has shed light on the risks that come with widely used network infrastructure. The bug, which attackers can exploit to leak sensitive information such as user credentials and HTTP data, has been assigned CVE-2026-47729.

    According to researchers at Calif.io, who discovered and reported the vulnerability, Squidbleed stems from a flaw in the Squid proxy's FTP directory listing parser. Specifically, the bug is triggered when a listing entry provides no filename after the modification timestamp: the parser reads past the end of the memory buffer and hands the contents over to whoever requested the listing.

    The impact of this vulnerability lies in its potential for widespread exploitation, particularly in environments where sensitive data is transmitted through shared proxies or FTP servers. The researchers noted that Squid is commonly used in multi-user environments, corporate networks, schools, public Wi-Fi networks, and even on in-flight Wi-Fi systems.

    Squidbleed has similarities with the infamous Heartbleed bug, which was discovered nearly a decade ago and exposed the personal data of millions of users worldwide. The researchers used AI-assisted tools to identify the vulnerability, including Claude Mythos Preview, which identified the null terminator behavior in Squid's FTP state machine that makes it vulnerable.

    While the exposure is not universal, as standard HTTPS connections routed through opaque CONNECT tunnels are not affected, and an attacker would need to reach an FTP server from the proxy to exploit the bug, the researchers emphasized that disabling FTP support could remove the attack surface entirely. With most organizations using Squid getting close to zero legitimate FTP traffic, turning it off costs nothing.

    Pierluigi Paganini, a security researcher at Security Affairs, concluded in his report on Squidbleed: "The dangers of raw memory access in C are well understood, but the subtleties of standard library functions like strchr are easier to overlook." The patch for this vulnerability was merged into Squid version 8 in April 2026 and shipped in version 7.6 in June 2026.
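    As an added illustration of the parsing hazard described above and of the strchr subtlety in the quote (this is hypothetical code written for this article, not Squid's parser and not from any of the cited sources), the tokenizer below walks an ls-style listing line field by field and treats both a NULL strchr result and an empty remainder as a malformed entry, so a line that ends right after the timestamp is rejected rather than read beyond its terminator. The listing layout, the function name and the sample lines are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical parser for one ls(1)-style FTP listing line, for example:
 *   "-rw-r--r-- 1 user group 1234 Jan 01 12:00 file.txt"
 * Illustration only, not Squid's parser. Fields are separated by one or
 * more spaces and the filename follows the three timestamp fields.
 * Returns 0 and copies the filename into out, or -1 for a malformed line.
 * Every advance of p is guarded, so the function never reads past the
 * terminating NUL of line. */
int parse_listing_name(const char *line, char *out, size_t outsz)
{
    const char *p = line;
    int field;

    /* Step over the eight fields that precede the filename:
     * permissions, link count, owner, group, size, month, day, time. */
    for (field = 0; field < 8; field++) {
        const char *sp = strchr(p, ' ');
        /* strchr returns NULL only when the character is absent. Searching
         * for '\0' instead would return a pointer to the terminator, so a
         * non-NULL result must never be taken as proof that data follows. */
        if (sp == NULL)
            return -1;          /* line ends inside the fixed fields */
        p = sp;
        while (*p == ' ')
            p++;                /* skip the run of separating spaces */
        if (*p == '\0')
            return -1;          /* separator present but nothing after it */
    }

    /* p points at the filename; an entry carrying only a timestamp never
     * reaches here because the loop above has already rejected it. */
    size_t len = strlen(p);
    if (len == 0 || len >= outsz)
        return -1;
    memcpy(out, p, len + 1);    /* copy including the NUL */
    return 0;
}

int main(void)
{
    char name[64];
    const char *ok  = "-rw-r--r-- 1 user group 1234 Jan 01 12:00 file.txt";
    const char *bad = "-rw-r--r-- 1 user group 1234 Jan 01 12:00";   /* no filename */

    printf("%d %s\n", parse_listing_name(ok, name, sizeof name), name);
    printf("%d\n", parse_listing_name(bad, name, sizeof name));
    return 0;
}
```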

    In light of this discovery, it is crucial for organizations utilizing Squid proxy software to prioritize updating their systems with the latest patches or disabling FTP support as a preventative measure against potential exploitation. The incident highlights the importance of ongoing security monitoring, code review, and vulnerability management to protect sensitive data from falling into the wrong hands.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Squidbleed-A-29-Year-Old-Squid-Proxy-Flaw-Exposed-ehn.shtml
  • https://securityaffairs.com/194041/hacking/squidbleed-29-year-old-squid-bug-leaks-user-credentials.html
  • https://nvd.nist.gov/vuln/detail/CVE-2026-47729
  • https://www.cvedetails.com/cve/CVE-2026-47729/

    Published: Tue Jun 23 03:32:19 2026 by llama3.2 3B Q4_K_M

    © Ethical Hacking News. All rights reserved.