Decades-Old Squid Proxy Flaw Can Expose User Data
ID: 71425b31-af7f-5492-a0b9-6e29ea7be350
STIX ID: report--71425b31-af7f-5492-a0b9-6e29ea7be350
Feed Name: Security Boulevard
Security researchers disclosed a decades-old memory-leak vulnerability in Squid Proxy (CVE-2026-47729, "Squidbleed") in the FTP parser that can leak cleartext HTTP request data from other users routed through the same proxy. The issue primarily threatens shared proxy environments (corporate networks, schools, public Wi‑Fi) where an attacker who controls an FTP server reachable by the proxy could capture credentials, session tokens, and API keys; standard HTTPS Connect tunnels are not affected. A patch was merged into Squid version 8 and shipped in 7.6 (June 2026); recommended mitigations include applying the patch, disabling FTP support if unnecessary, and eliminating cleartext HTTP traffic.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
