Squidbleed: 29-Year-Old Squid Bug Leaks User Credentials

Squidbleed is a 29-year-old Squid Proxy flaw that can leak credentials, tokens, and other users’ HTTP data through a memory overread.
Researchers at Calif.io have disclosed CVE-2026-47729, a memory leak vulnerability in Squid Proxy that was introduced in 1997 and has remained undetected through nearly three decades of releases, audits, and rewrites. They named it Squidbleed because it works like Heartbleed: it causes the proxy to read past the end of a memory buffer and hand the contents to whoever asked.
“The bug occurs when no filename is provided after the modification timestamp,” reads the report published by the researchers. “Here’s such an example:
d [R----F--] supervisor 512 Jan 16 18:53
In that case, *copyFrom is the null terminator at the end of the string.
However, instead of returning NULL and breaking out of the loop, strchr returns a pointer to the null terminator, as it is considered part of the string. This causes ++copyFrom to be executed and the cycle repeats until a non-null, non-whitespace byte is reached.”
The pointer then walks forward past the buffer boundary until it hits a non-null, non-whitespace byte, and whatever it finds there gets sent back to the attacker as a filename. The fix is two characters: check that *copyFrom isn’t null before calling the function strchr. One line of C, twenty-nine years of exposure.
The bug resides in Squid’s FTP directory listing parser, specifically in code written to handle NetWare FTP servers, which used four spaces between the timestamp and filename instead of one.
“The data starting from that byte, possibly belonging to another Squid Proxy user, is then returned to the attacker as the name of a file in the directory listing,” continues the report. “Since FTP support is enabled out of the box, and port 21 is included in the default Safe_ports ACL, no special flags or non-default settings are needed. The attacker only needs to control an FTP server reachable from the proxy.”
Squid is common in multi-user environments such as corporate networks, schools and public Wi-Fi; the researchers even spotted it running on an in-flight Wi-Fi system, on a version released nearly a decade ago.
What actually leaks is the contents of other users’ HTTP requests. Squid manages memory through per-size recycled buffer pools and doesn’t zero them when they’re freed.
“The line buffer used to parse FTP listings is allocated from MEM_4K_BUF. If that buffer previously held a victim’s HTTP request, only the first few dozen bytes are overwritten by the short FTP line — the rest of the 4KB buffer still contains the victim’s stale data,” states the report. “The strchr overread walks right past the null terminator and sends it all to the attacker.”
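The two quoted passages above (the strchr loop that treats a NUL as whitespace, and the recycled 4K buffer that still holds a previous user's request) can be reproduced in a few lines. This is an added illustration written for this article, a simplified reconstruction modelled on the report's description and not Squid's source: w_space, the buffer layout, the listing line and the base64 credential are all constructed here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the listing parser's whitespace skip (not Squid's
 * code). w_space is the set of bytes the parser treats as separators. */
#define BUF_SIZE 4096
static const char w_space[] = " \t\r\n";

/* Vulnerable skip: strchr(w_space, '\0') returns a pointer to w_space's own
 * terminator, which is non-NULL, so a NUL byte counts as whitespace and the
 * pointer keeps walking past the end of the line. */
static const char *skip_ws_vulnerable(const char *p) {
    while (strchr(w_space, *p))
        ++p;
    return p;
}

/* Fixed skip: test for the terminator before consulting strchr. */
static const char *skip_ws_fixed(const char *p) {
    while (*p != '\0' && strchr(w_space, *p))
        ++p;
    return p;
}

/* Constructed sample of a recycled, never-zeroed 4K line buffer: a stale
 * victim request is overwritten only by the short listing line, which ends
 * right after the timestamp. The credential is a made-up base64 value. */
static char line_buf[BUF_SIZE];
static const char listing[] = "d [R----F--] supervisor 512 Jan 16 18:53";
static const char stale_request[] =
    "GET /login HTTP/1.1\r\n"
    "Authorization: Basic dmljdGltOmh1bnRlcjI=\r\n\r\n";

void fill_recycled_buffer(void) {
    memset(line_buf, 0, sizeof line_buf);
    memcpy(line_buf, stale_request, sizeof stale_request); /* previous tenant */
    memcpy(line_buf, listing, sizeof listing);             /* short line + NUL */
}

/* What the parser would report as the filename following the timestamp. */
const char *reported_filename(int fixed) {
    const char *after_timestamp = line_buf + strlen(listing);
    return fixed ? skip_ws_fixed(after_timestamp)
                 : skip_ws_vulnerable(after_timestamp);
}

int main(void) {
    fill_recycled_buffer();
    printf("vulnerable: \"%s\"\n", reported_filename(0));
    printf("fixed:      \"%s\"\n", reported_filename(1));
    return 0;
}
```

The vulnerable variant steps over the NUL at the end of the listing line and returns the stale bytes that follow it (here the victim's Basic credential) as the "filename"; the fixed variant stops at the terminator and reports an empty name.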

The researchers demonstrated it by leaking an Authorization header from a login page. Credentials, session tokens, API keys — anything that travels in a cleartext HTTP request through the shared proxy is in scope.
The exposure is limited. The researchers pointed out that standard HTTPS connections routed as opaque CONNECT tunnels aren’t affected, and the attacker needs to reach an FTP server from the proxy. But in corporate and legacy environments, sensitive data in cleartext HTTP isn’t unusual.
The researchers confirmed that they used Claude Mythos Preview to find the bug. When pointed at Squid’s FTP state machine, it identified the strchr null terminator behavior almost immediately, citing the exact C11 standard clause that makes strchr(w_space, '\0') return non-null. Few human reviewers would catch that. It also recently found a high-severity OpenSSL vulnerability and the HTTP/2 Bomb denial-of-service technique, both through the same AI-assisted approach.
A patch was merged into Squid version 8 in April 2026 and shipped in version 7.6 in June 2026. If you can’t patch immediately, disabling FTP support removes the attack surface entirely. Chrome dropped FTP years ago, and since most organizations running Squid see close to zero legitimate FTP traffic, turning it off costs nothing. FTP parsing might not be the only place where Squid forgot to stop reading.
“The dangers of raw memory access in C are well understood, but the subtleties of standard library functions like strchr are easier to overlook. Few developers would guess that searching for '\0' succeeds, which may explain how a one-line bug survived close to 30 years of code review,” concludes the report. “Claude Mythos Preview, having trained on the entire C standard reference, treats this quirk as just another fact. When pointed at the right code, it spotted the bug almost immediately.”
Below is a video PoC of the attack along with PoCs.
Pierluigi Paganini
(SecurityAffairs – hacking, TPWD)

