Researchers from Calif.io have identified a critical vulnerability in the Squid proxy software that leaks memory contents, a flaw that has existed since 1997. Known as ‘Squidbleed’, the vulnerability has potential implications for user data security.
Understanding Squid Proxy and Its Vulnerability
Squid is an open-source web proxy used to reduce bandwidth and improve response times through caching. It supports various protocols, including HTTP, HTTPS, and FTP. The vulnerability discovered by the Calif.io researchers resembles the infamous Heartbleed flaw in OpenSSL, which is why it was named ‘Squidbleed’.
Officially recognized as CVE-2026-47729, this flaw arises from the FTP parser in Squid reading beyond its memory buffer, potentially accessing previous users’ HTTP request data stored in memory. This could allow sensitive information to be exposed.
Impact and Exploitation Risks
To exploit this vulnerability, an attacker must control an FTP server accessible through the proxy. The risk is especially pronounced in shared environments like corporate networks, educational institutions, and public Wi-Fi hotspots, where traffic is routed through a single Squid instance.
In such settings, attackers could stealthily extract HTTP request data from other users, capturing critical information such as authentication credentials, session tokens, and API keys. However, this is limited to cleartext HTTP traffic and configurations where Squid terminates TLS, as standard HTTPS connections remain unaffected.
Mitigation and Future Outlook
The discovery of Squidbleed was facilitated by the Claude Mythos AI model from Anthropic. Mitigation measures include applying patches released in Squid version 8 in April 2026 and version 7.6 in June 2026. Additionally, disabling FTP support can reduce risk if it is not necessary for operations.
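One way to check the FTP mitigation on a deployed proxy is to audit squid.conf for a rule that denies ftp:// requests before any allow rule. The script below is an added example, not code from the Squid project or from Calif.io. The ACL name ftp_scheme and both sample configurations are constructed, and the check is a heuristic that only looks at `acl ... proto` and `http_access` lines in a single file.

```python
# Added example: audit squid.conf text for an early "deny FTP" rule.
# Assumptions: one config file, no include directives followed; the ACL
# name "ftp_scheme" and the sample configs below are constructed.

def ftp_denied_before_allow(conf_text):
    """Return True if an http_access rule that denies a single FTP-matching
    proto ACL appears before the first http_access allow rule."""
    ftp_acls = set()
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not tokens:
            continue
        # acl <name> proto <PROTO> [<PROTO> ...]
        if tokens[0] == "acl" and len(tokens) >= 4 and tokens[2] == "proto":
            # skip anything that looks like an option flag
            protos = {p.upper() for p in tokens[3:] if not p.startswith("-")}
            if "FTP" in protos:
                ftp_acls.add(tokens[1])
        elif tokens[0] == "http_access" and len(tokens) >= 3:
            action, acls = tokens[1], tokens[2:]
            # http_access is first-match-wins, so rule order matters
            if action == "deny" and len(acls) == 1 and acls[0] in ftp_acls:
                return True
            if action == "allow":
                return False
    return False

# Constructed sample: FTP reachable through the proxy (port 21 is allowed
# and nothing denies the FTP scheme).
WEAK = """
acl localnet src 10.0.0.0/8
acl Safe_ports port 80 21 443
http_access deny !Safe_ports
http_access allow localnet
http_access deny all
"""

# Constructed sample: FTP scheme denied ahead of every allow rule.
HARDENED = """
acl localnet src 10.0.0.0/8
acl ftp_scheme proto FTP
http_access deny ftp_scheme   # placed first on purpose
http_access allow localnet
http_access deny all
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "->", ftp_denied_before_allow(conf))
```

A False result means the file needs manual review, since a deny rule that combines several ACLs or sits after an allow rule is treated as not protective.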
Calif.io’s researchers have also uncovered other significant vulnerabilities, including a high-severity issue in OpenSSL and a DoS technique known as HTTP/2 Bomb, both identified with AI assistance. As cybersecurity threats continue to evolve, leveraging AI in vulnerability detection may become increasingly important.
