Critical Squid Proxy Flaw ‘Squidbleed’ Exposes User Data

Critical Squid Proxy Flaw ‘Squidbleed’ Exposes User Data

Posted on By CWS

Researchers from Calif.io have identified a critical memory leak vulnerability in the Squid Proxy software, a flaw existing since 1997. Known as ‘Squidbleed’, this vulnerability has potential implications for user data security.

Understanding Squid Proxy and Its Vulnerability

Squid is an open-source web proxy utilized to reduce bandwidth and enhance response times through caching. It supports various protocols, including HTTP, HTTPS, and FTP. The vulnerability discovered by Calif researchers shares similarities with the infamous Heartbleed flaw in OpenSSL, leading to its designation as ‘Squidbleed’.

Officially recognized as CVE-2026-47729, this flaw arises from the FTP parser in Squid reading beyond its memory buffer, potentially accessing previous users’ HTTP request data stored in memory. This could allow sensitive information to be exposed.

Impact and Exploitation Risks

To exploit this vulnerability, an attacker must control an FTP server accessible through the proxy. The risk is especially pronounced in shared environments like corporate networks, educational institutions, and public Wi-Fi hotspots, where traffic is routed through a single Squid instance.

In such settings, attackers could stealthily extract HTTP request data from other users, capturing critical information such as authentication credentials, session tokens, and API keys. However, this is limited to cleartext HTTP traffic and configurations where Squid terminates TLS, as standard HTTPS connections remain unaffected.

Mitigation and Future Outlook

The discovery of Squidbleed was facilitated by the Claude Mythos AI model from Anthropic. Mitigation measures include applying patches released in Squid version 8 in April 2026 and version 7.6 in June 2026. Additionally, disabling FTP support can reduce risk if it is not necessary for operations.

Calif.io’s researchers have also uncovered other significant vulnerabilities, including a high-severity issue in OpenSSL and a DoS technique known as HTTP/2 Bomb, both identified with AI assistance. As cybersecurity threats continue to evolve, leveraging AI in vulnerability detection may become increasingly important.

Related: Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data

Related: Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure

Related: Majority of Internet-Accessible REDCap Servers Outdated

Security Week News Tags:, , , , , , , , ,

Related Posts

NIST Publishes Guide for Protecting ICS Against USB-Borne Threats NIST Publishes Guide for Protecting ICS Against USB-Borne Threats Security Week News
Oracle Releases June Security Patch with 245 Fixes Oracle Releases June Security Patch with 245 Fixes Security Week News
Marquis Data Breach Impacts 672,000 Individuals Marquis Data Breach Impacts 672,000 Individuals Security Week News
UK Legal Aid Agency Finds Data Breach Following Cyberattack UK Legal Aid Agency Finds Data Breach Following Cyberattack Security Week News
In Other News: PromptPwnd Attack, Small macOS Bounties, Chinese Hackers Trained in Cisco Academy In Other News: PromptPwnd Attack, Small macOS Bounties, Chinese Hackers Trained in Cisco Academy Security Week News
Japan Issues OT Security Guidance for Semiconductor Factories Japan Issues OT Security Guidance for Semiconductor Factories Security Week News