Squidbleed: 29-Year-Old Squid Bug Leaks User Credentials
ID: 7ed04a5f-c025-5838-aff4-0b0d0310ed72
STIX ID: report--7ed04a5f-c025-5838-aff4-0b0d0310ed72
Feed Name: Security Affairs
Threat Score
Squidbleed (CVE-2026-47729) is a 29-year-old memory-overread bug in Squid Proxy's FTP listing parser that can return stale 4KB buffer contents — including other users' HTTP Authorization headers, tokens, and cleartext request data — to an attacker controlling an FTP server reachable by the proxy; a patch was released (Squid 7.6/merged into 8) and disabling FTP removes the attack surface.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
