Squidbleed: A 29-Year-Old Squid Proxy Flaw That Leaks Cleartext HTTP Requests

Jun 23, 2026, by Manasvini R

Squidbleed, tracked as CVE-2026-47729, is an out-of-bounds read vulnerability in Squid Proxy's FTP gateway. The flaw allows a trusted client to perform an out-of-bounds read from random unrelated transactions when accessing a misbehaving FTP server through Squid's gateway feature.

Security researchers described Squidbleed as a Heartbleed-style memory disclosure issue that has existed in Squid since 1997. The vulnerability can expose cleartext HTTP request data, including credentials, cookies, session tokens, Authorization headers, and API keys, when an attacker has access to the same Squid proxy and can make the proxy connect to an attacker-controlled FTP server.

Although exploitation requires specific conditions, the issue is important because Squid is commonly deployed as shared proxy infrastructure. In such environments, traffic from multiple users, systems, and applications may pass through the same Squid process, increasing the risk that one user could recover sensitive data belonging to another.

About Squidbleed

Squid is a widely used open-source web proxy and caching server that supports HTTP, HTTPS, and FTP. Organizations use Squid to reduce bandwidth consumption, improve response times, enforce filtering policies, monitor traffic, and manage access to internet resources.

Because Squid often sits between users and external services, it may process sensitive data such as web requests, authentication tokens, API keys, cookies, and internal application traffic. This makes memory disclosure vulnerabilities in proxy infrastructure especially concerning.

The Squidbleed vulnerability was disclosed by Calif.io in June 2026 and was discovered with the aid of Anthropic's Claude Mythos. Calif.io traced the vulnerable FTP parsing behavior back to a January 1997 change related to NetWare FTP directory listings, making the flaw nearly three decades old at the time of disclosure.

The vulnerability also highlights a common security problem in long-lived software projects: legacy functionality may remain enabled for compatibility even after its practical use has declined. In this case, FTP support remained available in Squid, even though modern browsers and many modern enterprise workflows no longer depend heavily on FTP.

Why Squidbleed Matters

Squidbleed is not a remote code execution vulnerability. It does not allow an attacker to directly run commands on a Squid server. However, information disclosure flaws can still be highly damaging because leaked credentials, session cookies, and API keys may provide access to business applications, cloud platforms, and internal systems.

The risk is especially relevant in shared proxy deployments, such as corporate networks, schools, public Wi-Fi environments, and centralized enterprise gateways. Since Squid can process requests from many users in the same service, disclosed memory may contain fragments of traffic from unrelated users.

Researchers also noted that standard HTTPS traffic using CONNECT tunneling is generally not exposed because Squid relays it as opaque encrypted traffic. However, cleartext HTTP traffic and TLS-terminating Squid deployments may be at greater risk because request contents can be visible to the proxy before forwarding.

Vulnerability Details

CVE ID: CVE-2026-47729
Severity / CVSS: 9.1 (Critical)
Affected Product: Squid Proxy
Affected Component: FTP gateway / FTP directory-listing parser
Vulnerability: Due to an Improper Validation of Syntactic Correctness of Input bug, Squid is vulnerable to an Out-of-bounds Read attack against the FTP gateway. This problem allows a trusted client to perform an Out-of-Bounds Read from random unrelated transactions when accessing a misbehaving FTP server through Squid's gateway feature.

CVE ID: CVE-2026-50012
Severity / CVSS: 9.1 (Critical)
Affected Product: Squid Proxy
Affected Component: FTP gateway / FTP directory-listing parser
Vulnerability: Due to an Improper Input Validation bug, Squid is vulnerable to a Heap-based Buffer Overflow attack against cache digests. This problem allows a trusted server to perform a Heap-based Buffer Overflow when sending maliciously crafted replies to cache_digest request messages. This attack is limited to Squid instances that have been compiled with the --enable-cache-digests option.

The two high-severity vulnerabilities affecting Squid Proxy are CVE-2026-47729 and CVE-2026-50012. Both issues originate from improper input validation flaws in legacy Squid functionality and can be exploited under specific trust conditions. While CVE-2026-47729 affects Squid's FTP gateway and leads to sensitive memory disclosure, CVE-2026-50012 impacts the cache digest feature and can result in a heap-based buffer overflow.

CVE-2026-47729 (Squidbleed) is an out-of-bounds read vulnerability in Squid's FTP gateway parser. The flaw is triggered when Squid processes a specially crafted FTP directory listing from a misbehaving or attacker-controlled FTP server. Researchers discovered that the parser can incorrectly advance beyond the end of an allocated buffer while processing timestamp fields in FTP directory listings.

The vulnerable code path attempts to skip whitespace after parsing a timestamp using logic similar to strchr(w_space, *copyFrom). If the FTP listing ends immediately after the timestamp and does not contain a filename, the parser's pointer can land on the string's null terminator. Because the C function strchr() treats the terminating null byte as a valid search target, the parser may continue beyond the intended memory boundary.

This behavior results in a heap overread that can expose fragments of unrelated memory. Since Squid frequently reuses heap buffers for performance reasons, disclosed memory may contain portions of recently processed HTTP requests, including Authorization headers, cookies, session tokens, API keys, usernames, passwords, and other sensitive information belonging to unrelated users of the same proxy.
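To make the strchr() pitfall concrete, here is an added C example (not Squid's code) that puts a whitespace-skipping loop in the bug-class form described above beside a hardened form and runs both over a constructed buffer. The contents of w_space, the sample bytes and the function names are assumptions made for this demo.

```c
#include <stdio.h>
#include <string.h>

/* Whitespace set in the style of Squid's w_space macro (assumed contents;
 * the page does not list them). */
static const char w_space[] = " \t\r\n";

/* Constructed sample, not real Squid memory: the bytes up to the first NUL
 * are an FTP listing line that ends right after the timestamp with no
 * filename; the bytes after the NUL stand in for stale data from an
 * unrelated request that happened to sit next to the listing in memory. */
static const char sample[] =
    "   \0GET /api/v1/me HTTP/1.1\r\nAuthorization: Bearer EXAMPLE-TOKEN";

/* Bug-class skip: strchr(w_space, '\0') matches w_space's own terminator,
 * so the NUL that ends the listing is treated as whitespace and the cursor
 * keeps walking. 'limit' exists only so this demo never leaves 'sample';
 * the pattern the page describes has no such bound. */
size_t skip_ws_buggy(const char *s, size_t limit)
{
    size_t i = 0;
    while (i < limit && strchr(w_space, s[i]) != NULL)
        i++;
    return i;
}

/* Hardened skip: check for the terminator before consulting the set, so the
 * cursor can never advance past the end of the string. */
size_t skip_ws_safe(const char *s)
{
    size_t i = 0;
    while (s[i] != '\0' && strchr(w_space, s[i]) != NULL)
        i++;
    return i;
}

int main(void)
{
    size_t b = skip_ws_buggy(sample, sizeof(sample));
    size_t g = skip_ws_safe(sample);
    /* Buggy cursor lands on the stale bytes; a filename copy from here
     * would hand them back to the client. */
    printf("buggy -> offset %zu, \"filename\" = %s\n", b, sample + b);
    /* Safe cursor stops on the NUL: the line simply has no filename. */
    printf("safe  -> offset %zu, filename %s\n", g,
           sample[g] == '\0' ? "absent" : sample + g);
    return 0;
}
```

In the real bug the bytes past the NUL are whatever the allocator left adjacent to the listing buffer, which is why the leak is described as stale data from unrelated transactions.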

CVE-2026-50012 is a heap-based buffer overflow vulnerability affecting Squid's cache digest functionality. The flaw occurs when a trusted server sends maliciously crafted responses to cache digest request messages. Improper validation of the received digest data can cause Squid to write beyond the boundaries of an allocated heap buffer.

Successful exploitation of CVE-2026-50012 is limited to Squid deployments compiled with the --enable-cache-digests option. In affected environments, a malicious or compromised peer server may trigger memory corruption conditions that could result in application crashes, denial-of-service conditions, or potentially more severe impacts depending on memory layout and runtime behavior.

Together, these vulnerabilities demonstrate the security risks associated with legacy protocol handling and optional compatibility features that remain present in long-lived software projects. Organizations using affected Squid deployments should apply available fixes, verify distribution backports, and disable unnecessary features such as FTP gateway support or cache digests wherever possible.

Attack Flow

Step 1: Gain Access to a Shared Squid Proxy
The attacker must have legitimate access to the same Squid proxy used by the victim. This may occur in shared environments such as enterprise networks, public Wi-Fi deployments, schools, or hosted proxy services.

Step 2: Deploy a Malicious FTP Server
The attacker sets up an FTP server capable of returning specially crafted directory listing responses designed to trigger the vulnerable parser behavior.

Step 3: Send an FTP Request Through Squid
The attacker sends a request through the Squid proxy that forces Squid to connect to the malicious FTP server and process the crafted directory listing.

Step 4: Trigger the Heap Overread
The malformed FTP listing causes Squid's parser to advance beyond the null terminator and read memory outside the allocated FTP listing buffer.

Step 5: Recover Stale Memory Contents
The overread memory may contain stale data from unrelated Squid transactions, including previous HTTP requests handled by the same proxy process.

Step 6: Extract Sensitive Data
The attacker analyzes the returned data for Authorization headers, session cookies, API tokens, internal URLs, credentials, and other sensitive artifacts.

Potentially Exposed Data

Researchers observed that Squidbleed can expose fragments of previously processed HTTP requests. The exact information exposed depends on memory layout, traffic volume, proxy configuration, and recent user activity.

  • HTTP Authorization headers
  • HTTP cookies
  • Session tokens
  • API keys
  • OAuth access tokens
  • Internal application URLs
  • Usernames
  • Password fragments
  • Proxy authentication data
  • Custom application headers
  • Internal API requests
  • Web session identifiers

Impact

Successful exploitation can result in the disclosure of sensitive data processed by Squid. While the vulnerability does not directly provide code execution, exposed authentication data can enable follow-on attacks against business systems and user accounts.

  • Exposure of cleartext HTTP requests
  • Disclosure of Authorization headers
  • Session cookie leakage
  • API key exposure
  • Credential disclosure
  • Proxy user data exposure
  • Cross-user information leakage
  • Internal URL disclosure
  • Privacy and compliance risks
  • Potential session hijacking

The impact is situational. Environments that only relay standard HTTPS CONNECT traffic may have lower exposure because Squid does not inspect the encrypted payload. However, environments that process cleartext HTTP or perform TLS interception may have higher exposure because sensitive request contents can exist in Squid memory.

Detection Opportunities

Detecting exploitation may be difficult because attackers use legitimate Squid FTP gateway functionality rather than deploying malware. However, security teams can review proxy and network telemetry for unusual FTP behavior.

Organizations should investigate unexpected outbound FTP connections from Squid proxies, repeated FTP directory-listing requests, access to unfamiliar FTP servers, and unusual proxy usage patterns involving FTP traffic.

Security teams should also monitor for signs that credentials or tokens may have been exposed, including suspicious authentication attempts, unusual session reuse, unexpected API activity, and access from unfamiliar locations.

Mitigation

  1. Upgrade to Squid 7.6.
  2. Review TLS interception configurations and assess whether decrypted sensitive traffic could be present in Squid memory.
  3. Disable FTP support in Squid if it is not required.
  4. Restrict Squid proxy access to authorized users and trusted networks. Avoid exposing proxy access broadly.
  5. Review proxy logs for unusual or repeated requests to unknown FTP servers, especially requests that generate directory listings.
  6. Monitor outbound FTP connections from Squid proxies and investigate unfamiliar FTP destinations.
  7. Rotate credentials, API keys, and session tokens if exploitation is suspected or if sensitive data may have passed through affected Squid deployments.

Instantly Fix Risks with Saner Patch Management

Saner patch management is a continuous, automated, and integrated software that helps security teams fix risks exploited in the wild. The software supports major operating systems such as Windows, Linux, and macOS, along with 550+ third-party applications.

It allows teams to set up a safe testing area to validate patches before deploying them in production. Saner patch management also supports patch rollback in case of patch failure or system malfunction.

Experience the fastest and most accurate patching software here.
