Critical Squid Proxy Vulnerability 'Squidbleed' Exposes User Data

A memory leak vulnerability named Squidbleed, tracked as CVE-2026-47729, has been discovered in the Squid web proxy software, affecting versions since 1997. This flaw allows attackers to read beyond memory buffer boundaries in the FTP parser, potentially exposing sensitive data such as authentication credentials and API keys. The vulnerability is particularly dangerous in shared proxy environments, like corporate networks and public Wi-Fi, where multiple users access a single Squid instance. Exploitation requires control over an FTP server accessible from the proxy. A patch was merged into Squid version 8 in April 2026 and released in version 7.6 in June 2026. Disabling FTP support can mitigate risks if FTP is not needed. Researchers from Calif.io discovered the vulnerability with the help of Anthropic's Claude Mythos AI model.

Key Points: • Squidbleed (CVE-2026-47729) is a critical memory leak vulnerability in Squid Proxy. • The flaw has existed since 1997 and can expose sensitive user data in shared environments. • A patch was released in June 2026, and disabling FTP support can help mitigate risks.