Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: proxy (1 article)Clear

Squidbleed flaw in Squid proxy leaks other users' credentials by default

Researchers at Calif.io disclosed Squidbleed, a Heartbleed-style memory leak in the widely used Squid web proxy that exposes one user's cleartext HTTP traffic, including passwords, cookies, and session tokens, to anyone else allowed to use the same proxy. The flaw (CVE-2026-47729) is a heap over-read in Squid's decades-old FTP directory parser and is present in the default configuration of every Squid version. To exploit it, an attacker needs proxy access and must point the proxy at an FTP server they control. Only cleartext HTTP and TLS-intercepting setups are exposed; normal HTTPS tunnels are not. A proof-of-concept is public.

Check
Inventory every Squid proxy in your environment, including instances embedded in appliances or run by vendors, and check whether FTP support is enabled and whether the proxy terminates TLS for inspection.
Affected
All Squid proxy versions in their default configuration (CVE-2026-47729), especially shared proxies on corporate, campus, or public networks; cleartext HTTP and TLS-terminating inspection setups have traffic exposed.
Fix
Disable FTP support in Squid, which removes this attack surface at no cost since browsers no longer use it, and apply the upstream patch once your distribution ships a verified fix.