VYPR advisory
Published Jun 22, 2026 · 3 sources

Decades-Old Squid Proxy Flaw 'Squidbleed' Can Expose User Data

A Heartbleed-style memory leak vulnerability in Squid Proxy, present since 1997, allows attackers to siphon sensitive user data from shared proxy environments.

Security researchers at Calif.io have disclosed a memory leak vulnerability in the widely used Squid Proxy server that has existed in the software since 1997. Dubbed 'Squidbleed' and officially tracked as CVE-2026-47729, the flaw is a Heartbleed-style bug that allows attackers to read beyond the boundary of a memory buffer, potentially exposing sensitive user data from the proxy's memory.

Squid is a popular open-source web proxy that reduces bandwidth and improves response times through caching. It supports HTTP, HTTPS, FTP, and other protocols, making it a staple in corporate networks, schools, and public Wi-Fi hotspots. The vulnerability resides in Squid's FTP parser, which reads beyond the allocated memory buffer into a region that may contain a previous user's uncleared HTTP request data.

Exploitation requires the attacker to control an FTP server reachable from the proxy. In shared proxy environments where multiple users route traffic through the same Squid instance, an attacker could silently siphon HTTP request data belonging to other users. This could include authentication credentials, session tokens, and API keys. The exposure is limited to cleartext HTTP traffic and deployments where Squid terminates TLS; standard HTTPS connections relayed as opaque CONNECT tunnels are not affected.

The vulnerability was discovered with the aid of Anthropic's Claude Mythos AI model, highlighting the growing role of artificial intelligence in vulnerability research. Calif.io researchers also recently found a high-severity vulnerability in OpenSSL and a DoS attack technique called HTTP/2 Bomb, both discovered using AI.

A patch was merged into Squid version 8 in April 2026 and shipped in version 7.6 in June 2026. Organizations that do not require FTP support can mitigate the risk by disabling FTP entirely. Given Squid's widespread deployment, administrators are urged to apply the patch promptly to prevent potential data breaches.

The Squidbleed vulnerability underscores the persistent risk of memory safety issues in legacy software. As attackers increasingly target proxy infrastructure to intercept sensitive data, timely patching and careful configuration remain critical defenses.

Squidbleed originates from a 1997 FTP-parsing change and remains exploitable in Squid's default configuration, according to the Calif.io researchers who disclosed the flaw in June 2026. The heap over-read can leak cleartext HTTP requests, including credentials and session tokens, to any other user already authorized to send traffic through the same proxy, widening the attack surface beyond earlier assumptions.

Anthropic's Claude Mythos Preview AI model assisted in the discovery by flagging the null-terminator behavior of the strchr function that causes the over-read. The flaw affects all Squid versions in their default configuration and can leak up to 4,065 bytes of heap memory, potentially exposing other users' HTTP headers, passwords, and API keys. A proof of concept is publicly available, and the fix, a single null-check patch, has been merged into the Squid repository.
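The strchr behavior the researchers point to is a classic unbounded-scan defect: strchr stops at the character it is looking for or at a NUL byte, and a buffer that contains neither lets the scan continue into adjacent memory. The C program below is an added, constructed illustration of that bug class and its bounded counterpart; it is not Squid's parser, its patch, or any code from Calif.io. The "arena", the 13-byte reply slot, the sample HTTP bytes placed after it, and both helper functions are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample "heap arena" (not real Squid memory): a 13-byte FTP
 * reply slot that carries neither CRLF nor a NUL terminator, followed
 * immediately by stale bytes left behind by another client's HTTP request.
 * Both pieces live in one allocation so the over-read below is
 * deterministic and never leaves the array. */
#define REPLY_LEN 13
static const char arena[] =
    "220 ftp ready"                            /* FTP reply slot, 13 bytes      */
    "GET /account HTTP/1.1\r\n"                /* stale bytes from another       */
    "Authorization: Bearer EXAMPLE-TOKEN\r\n"; /* client's request (sample)      */

/* Bug-class illustration (hypothetical parser): the scan has no length
 * bound, so when the slot holds no '\n' and no NUL the search runs on into
 * whatever follows. Returns the byte count the parser would hand back as
 * "the reply line", terminator included, or -1 if no '\n' was found. */
ptrdiff_t unsafe_reply_len(const char *buf)
{
    const char *nl = strchr(buf, '\n');
    if (nl == NULL)
        return -1;
    return (nl - buf) + 1;
}

/* Hardened form: the search is bounded by the slot length and a missing
 * terminator is rejected rather than looked for beyond the slot. */
ptrdiff_t safe_reply_len(const char *buf, size_t len)
{
    const char *nl = memchr(buf, '\n', len);
    if (nl == NULL)
        return -1;          /* incomplete line: refuse to parse it */
    return (nl - buf) + 1;
}

int main(void)
{
    ptrdiff_t n_unsafe = unsafe_reply_len(arena);
    ptrdiff_t n_safe = safe_reply_len(arena, REPLY_LEN);

    printf("unbounded parse returned %td bytes for a %d-byte slot\n",
           n_unsafe, REPLY_LEN);
    if (n_unsafe > REPLY_LEN)
        printf("bytes past the slot that a caller would see: \"%.*s\"\n",
               (int)(n_unsafe - REPLY_LEN), arena + REPLY_LEN);
    printf("bounded parse returned %td (-1 means rejected)\n", n_safe);
    return 0;
}
```

The bounded version is the shape of the defensive fix the advisory describes: the parser must know how many bytes it actually received and must treat "no terminator inside those bytes" as an error, not as permission to keep reading. When reviewing your own network parsers, any strchr, strlen, or strstr call on a buffer that was filled from a socket and not explicitly NUL-terminated is the pattern to look for.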

Synthesized by Vypr AI