
Security researchers have uncovered a nearly three-decade-old vulnerability in Squid Proxy that lets anyone sharing the same proxy silently steal other users' HTTP request data — including passwords, session tokens, and API keys.
The flaw, CVE-2026-47729, has been nicknamed Squidbleed after Heartbleed, the 2014 OpenSSL bug it closely resembles in both mechanism and impact.
Researchers at Calif.io disclosed the vulnerability in June after finding it in Squid's FTP directory-listing parser, tracing it to a code change committed on January 18, 1997 — predating all available commit history in Squid's GitHub repository. Proof-of-concept code is now public. No in-the-wild exploitation has been reported.
A One-Line Bug That Survived 29 Years
The flaw originates in a NetWare compatibility fix. NetWare FTP servers — common in late-'80s and '90s corporate environments — placed four spaces between a file's modification timestamp and its filename instead of the usual one. To handle that, Squid added a whitespace-skipping loop: while (strchr(w_space, *copyFrom)) ++copyFrom;
The problem surfaces when an attacker's FTP server sends a malformed directory listing with no filename after the timestamp. In that case, copyFrom points to the string's null terminator. Here's the subtle trap: the C standard requires strchr to treat the null terminator as part of the string it searches, so strchr(w_space, '\0') returns a non-NULL pointer. Instead of stopping, the loop increments the pointer past the line's terminating null and on through whatever follows it in memory, and Squid's xstrdup copies those bytes — returning them to the attacker as a fictional filename.
What memory does it walk into? Squid recycles freed heap buffers without zeroing them. A 4KB buffer previously used to hold a victim's HTTP request gets reused to parse an incoming FTP listing. Only the first bytes of that buffer are overwritten by the short FTP line; the rest still holds the victim's raw request. The overread delivers up to 4,065 bytes of stale data back to the attacker. Calif.io's proof-of-concept successfully extracted an Authorization header from a co-user on the same proxy.
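To make the strchr behaviour concrete, here is an added C example (not Squid's code and not Calif.io's proof-of-concept). It isolates the loop pattern quoted above, places the hardened form with a terminator check beside it, and runs both over a constructed 64-byte array that models the recycled heap buffer described above: a stale request from a previous use, with a short NetWare-style listing line (timestamp, four spaces, no filename) written over its head. The whitespace set w_space, the buffer size, the stale request text and the listing line are all assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Assumption for this example: the whitespace set the skip loop consults.
 * Squid defines its own w_space; this one is constructed here. */
static const char *w_space = " \t\r\n";

/* Root cause, isolated: strchr() counts the terminating '\0' as part of the
 * searched string, so asking whether '\0' is "whitespace" answers yes. */
static int strchr_matches_nul(void)
{
    return strchr(w_space, '\0') != NULL;   /* 1: pointer to the terminator */
}

/* The loop pattern the article quotes. With no filename after the
 * timestamp, *p reaches '\0', strchr() still matches, and p walks on. */
static const char *skip_ws_unchecked(const char *p)
{
    while (strchr(w_space, *p))
        ++p;
    return p;
}

/* Hardened form: test for the terminator before consulting strchr(). */
static const char *skip_ws_checked(const char *p)
{
    while (*p && strchr(w_space, *p))
        ++p;
    return p;
}

/* Model of a recycled heap buffer (constructed): the previous occupant's
 * HTTP request is still present, and a short listing line with no filename
 * has been written over the first bytes, terminator included. */
#define BUF_SZ 64
static const char STALE_REQUEST[] =
    "GET /x HTTP/1.1\r\nAuthorization: Basic Y29uc3RydWN0ZWQ=\r\n";
static const char SHORT_LINE[] = "Jan 18 1997    ";   /* 11-char stamp + 4 spaces */
#define STAMP_LEN 11

static void fill_recycled_buffer(char buf[BUF_SZ])
{
    memset(buf, 0, BUF_SZ);
    memcpy(buf, STALE_REQUEST, sizeof STALE_REQUEST - 1);  /* previous occupant */
    memcpy(buf, SHORT_LINE, sizeof SHORT_LINE);            /* new line incl. '\0' */
}

/* Offset inside the buffer where the chosen skipper stops after the stamp.
 * Every byte touched lies inside buf[], so this program itself is well defined. */
static size_t stop_offset(int checked)
{
    char buf[BUF_SZ];
    const char *after_ts;
    const char *p;
    fill_recycled_buffer(buf);
    after_ts = buf + STAMP_LEN;
    p = checked ? skip_ws_checked(after_ts) : skip_ws_unchecked(after_ts);
    return (size_t)(p - buf);
}

/* The "filename" token each variant would hand back: the checked skipper
 * yields an empty token (a malformed line to reject); the unchecked one
 * yields bytes of the stale request that followed the terminator. */
static void filename_token(int checked, char *out, size_t out_sz)
{
    char buf[BUF_SZ];
    const char *p;
    size_t n = 0;
    fill_recycled_buffer(buf);
    p = checked ? skip_ws_checked(buf + STAMP_LEN) : skip_ws_unchecked(buf + STAMP_LEN);
    while (*p && !strchr(w_space, *p) && n + 1 < out_sz)
        out[n++] = *p++;
    out[n] = '\0';
}

int main(void)
{
    char tok[32];
    printf("strchr(w_space, '\\0') != NULL: %d\n", strchr_matches_nul());
    printf("unchecked stops at offset %zu, checked at %zu\n",
           stop_offset(0), stop_offset(1));
    filename_token(0, tok, sizeof tok);
    printf("unchecked \"filename\": \"%s\"\n", tok);
    filename_token(1, tok, sizeof tok);
    printf("checked   \"filename\": \"%s\"\n", tok);
    return 0;
}
```

The checked loop stops at the line's terminator (offset 15) and produces an empty token, which a parser should treat as a malformed listing line and reject. The unchecked loop treats the terminator as whitespace, continues across the newline left by the previous occupant, and stops on the stale Authorization header (offset 17), which is the shape of the leak the article describes. In this model the walk stays inside the 64-byte array; in the real bug it continues past the string into whatever the allocator left behind, up to the buffer's end.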
Where the Risk Is Real
Squid sees heavy deployment in shared network environments — corporate offices, university campuses, school networks, and airline Wi-Fi. Those are exactly the environments where multiple users route traffic through a single proxy instance. The attacker doesn't need elevated access: just an account on the same network with proxy usage permitted. FTP support and port 21 are both on by default, and no special Squid configuration is required on the victim's side.
The exposure is bounded. Only cleartext HTTP and TLS-terminating proxy setups where Squid decrypts traffic before forwarding are at risk. Standard HTTPS connections tunnel through Squid as an opaque relay and are unaffected. SUSE rates the flaw CVSS 6.5 (Moderate).
The find carries an unusual footnote: Calif.io used Anthropic's Claude Mythos Preview, the model behind Project Glasswing, to assist in the hunt. Pointed at the FTP parsing code, it flagged the strchr null-terminator edge case almost immediately — a quirk that apparently eluded three decades of human code review.
What Administrators Should Do
The patch is a two-character fix — adding a null-terminator check before each vulnerable strchr call in FtpGateway.cc. It was merged into Squid's development branch in April and the v7 branch in May. Squid 7.6 shipped June 8. Note a version caveat: Squid maintainer Amos Jeffries initially stated the fix was in 7.6, later indicated it would ship in 7.7, and as of June 22, the referenced patch commit appears to be present in 7.6. Verify the commit 865a131c7d is in your build before assuming you're covered.
The cleaner fix is simply disabling FTP. Chromium-based browsers dropped FTP support years ago, and most modern networks carry negligible legitimate FTP traffic. Turning it off eliminates this entire attack surface with no operational cost.
Squid 7.6 also patches a second CVE — CVE-2026-50012 — a heap-based buffer overflow in cache digest handling, affecting only instances compiled with --enable-cache-digests.