Flash Briefing | Severity: high | Sectors: Finance, Communications, Critical Infrastructure

Squidbleed: 29-Year-Old Squid Proxy Bug Exposes Enterprise Credentials

Researchers at Calif.io disclosed CVE-2026-47729 on June 23, 2026, a heap over-read vulnerability in Squid proxy’s FTP parser that can expose cleartext HTTP request data — including authentication credentials, session tokens, and API keys — belonging to other users routed through the same proxy instance. Named Squidbleed in reference to the Heartbleed memory leak that preceded it, the flaw traces to a commit from January 1997 and has survived undetected through three decades of Squid releases and independent security audits.

How It Works

Squid’s FTP parser contains a one-line bug: a strchr call that searches for a null terminator succeeds in a way that causes the parser to read beyond the boundary of the current user’s request buffer, into a memory region that may still contain uncleared HTTP request data from a previous user of the same proxy. An attacker who can route traffic through the proxy and cause it to make an FTP request to an attacker-controlled server can trigger this behaviour and capture whatever was sitting in the adjacent memory.

The exploitation prerequisites are meaningful but not prohibitive: the attacker must have access to the proxy (i.e. be an authorised user of it), and must be able to reach an FTP server on port 21 that they control. Both FTP support and port 21 are enabled in Squid’s default configuration. The researchers describe this as an “attack by a trusted client” — the threat model is malicious insiders, compromised endpoints, or lateral movement within a segmented network where proxy access is broadly granted.

Exposure in Shared Proxy Environments

Squid is one of the most widely deployed HTTP caching and filtering proxies in the world. It is extensively used in corporate networks as an outbound web proxy, in telecommunications provider infrastructure, in educational institutions, and in operational networks as a means of controlling and logging external web access.

In shared proxy environments — which describes the typical enterprise deployment — the attack surface is proportional to the number of concurrent users and the sensitivity of traffic routed through the proxy. HTTP credentials submitted to internal portals, session cookies for SaaS platforms, API keys in request headers: any of this may be present in memory adjacent to a subsequent user’s buffer. Finance sector organisations routing trading system or banking portal traffic through a centralised proxy, and telecommunications providers using Squid in subscriber-facing infrastructure, face meaningful exposure if the proxy is accessible to untrusted endpoints or shared with third-party users.

The highest-risk scenario is shared proxies in environments where adversaries have already established a foothold, such as a compromised workstation that has proxy access as part of its standard network configuration. Squidbleed provides a low-noise mechanism for credential harvesting that leaves no authentication logs on target systems.

Patch and Mitigation

The fix is a null-terminator check before the vulnerable strchr calls — a small change that was merged to Squid’s development branch in April 2026 and shipped in version 7. Organisations running Squid should verify their version and upgrade to v7 or the latest available patch release.

The cleaner mitigation for most environments is to disable FTP protocol support in Squid’s configuration. Most enterprise proxies carry negligible legitimate FTP traffic — Chromium deprecated FTP support years ago, and modern browser and application use of FTP is minimal. Disabling it removes this attack surface entirely, regardless of the Squid version in use.

  • Identify all Squid proxy deployments and verify versions; upgrade to v7 or latest patched release
  • Disable FTP protocol support in Squid configuration (“acl FTP proto FTP” and “http_access deny FTP”) unless actively required
  • Review proxy access controls to confirm that only authorised endpoints can reach the proxy port
  • Where Squid fronts sensitive internal traffic (financial systems, identity infrastructure), treat proxy access as a privileged pathway requiring the same controls as other sensitive network segments
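As an added example (not from this briefing or from the Squid project), the following Python audits a squid.conf fragment for the FTP deny rule described above and checks that it precedes any http_access allow rule, since Squid evaluates http_access rules top to bottom and the first match wins; it also parses the "Squid Cache: Version" line printed by squid -v to flag instances below the page's stated v7 baseline. The two sample configurations and the version-line format are assumptions constructed for the example.

```python
import re

# Constructed sample squid.conf fragments (not from the page or the Squid project).
# Squid evaluates http_access rules in order and stops at the first match, so a
# deny for the FTP acl only helps if it precedes the allow that admits client traffic.
WEAK_CONF = """\
acl localnet src 10.0.0.0/8
acl FTP proto FTP
http_access allow localnet
http_access deny FTP
http_access deny all
"""

FIXED_CONF = """\
acl localnet src 10.0.0.0/8
acl FTP proto FTP
http_access deny FTP
http_access allow localnet
http_access deny all
"""

def audit_ftp_access(conf: str) -> dict:
    """Report whether an FTP proto acl is denied before any http_access allow rule."""
    ftp_acls = set()
    first_allow = None   # line number of the first "http_access allow ..."
    ftp_deny = None      # line number of the first "http_access deny" naming an FTP acl
    for idx, raw in enumerate(conf.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()      # drop comments, tokenise
        if len(parts) >= 4 and parts[0] == "acl" and parts[2] == "proto" \
                and parts[3].upper() == "FTP":
            ftp_acls.add(parts[1])
        elif len(parts) >= 3 and parts[0] == "http_access":
            if parts[1] == "allow" and first_allow is None:
                first_allow = idx
            # only an un-negated acl name counts; "!FTP" would deny everything but FTP
            if parts[1] == "deny" and ftp_deny is None \
                    and any(p in ftp_acls for p in parts[2:]):
                ftp_deny = idx
    blocked = ftp_deny is not None and (first_allow is None or ftp_deny < first_allow)
    return {"ftp_acls": sorted(ftp_acls), "ftp_deny_line": ftp_deny,
            "first_allow_line": first_allow, "ftp_blocked": blocked}

def version_is_patched(squid_v_output: str, min_major: int = 7) -> bool:
    """Parse 'Squid Cache: Version X.Y' from `squid -v` (format assumed) against v7."""
    m = re.search(r"Version\s+(\d+)\.(\d+)", squid_v_output)
    return bool(m) and int(m.group(1)) >= min_major
```

Run audit_ftp_access over each deployment's squid.conf and version_is_patched over the output of squid -v; a proxy that is neither patched nor blocking FTP ahead of its allow rules is the one to fix first.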