Squidbleed: a 29-year-old Squid proxy bug leaks HTTP creds
Squidbleed (CVE-2026-47729) is a Heartbleed-style memory leak in Squid proxy that survived 29 years. Here's who's exposed and what to do.
Everyone's watching the AI models. Meanwhile a one-line bug in a 29-year-old piece of infrastructure — the kind quietly relaying traffic in tens of thousands of networks — was leaking other people's HTTP requests, passwords included. It's called Squidbleed, and it's a reminder that the boring layer under your stack is still where you get hurt.
What actually happened
Researchers at Calif.io disclosed CVE-2026-47729 in June, naming it after Heartbleed because it leaks memory the same way. As The Hacker News reported, it's a heap over-read in Squid's FTP directory-listing parser. A whitespace-skipping loop — while (strchr(w_space, *copyFrom)) ++copyFrom; — runs off the end of the buffer when a malicious FTP server sends a listing line with no filename after the timestamp. The pointer walks past the string's null terminator into reused memory, and out comes another user's cleartext traffic: HTTP requests, session tokens, credentials.
The bug traces to a 1997 FTP-parsing change and survived three decades of releases, audits, and rewrites. SUSE rates it moderate, CVSS 6.5 — the score is capped because exploitation has real preconditions. The attacker needs to be an authorized proxy user, needs the proxy allowed to reach an attacker-controlled FTP server on port 21, and only cleartext HTTP or TLS-terminating setups leak (HTTPS rides through as an opaque CONNECT tunnel). The fix landed in Squid 7.7; the cleaner move the researchers recommend is turning FTP off entirely.
Why it matters for your business
Most small businesses don't run Squid on purpose. But it ships inside appliances, content filters, corporate gateways, and vendor "web security" boxes you bought and forgot. That's the actual lesson here — not this specific CVE, but the pile of unglamorous, unpatched infrastructure sitting between your users and the internet that nobody owns on the org chart.
So do the boring pass. Inventory what's actually running: proxies, gateways, load balancers, the firmware in that box in the server closet. If Squid is anywhere in the path, get it to 7.7+ or disable FTP support (Chromium dropped FTP years ago — almost nothing legitimate uses it anymore). More broadly: know what every network hop between your customer and your app is, who's responsible for patching it, and when it last got patched. A 29-year-old bug doesn't survive because it's clever. It survives because nobody was looking.
We treat infrastructure inventory and patch discipline as part of building, not an afterthought bolted on after an incident. The unsexy layer is where uptime and trust actually live.
Key takeaways
- Squidbleed (CVE-2026-47729) is a heap over-read in Squid proxy that leaks other users' cleartext HTTP requests, including credentials and session tokens
- The one-line bug dates to a 1997 change and survived 29 years of audits; rated CVSS 6.5 because exploitation needs proxy access and a reachable attacker FTP server
- Fix landed in Squid 7.7; disabling FTP support removes the attack surface entirely
- The real risk is forgotten infrastructure — Squid hides inside appliances and gateways; inventory every network hop and know who patches it
Not sure what's running between your customers and your app? We map the boring layer — proxies, gateways, firmware — and put patch discipline into the build instead of waiting for the incident. See how we harden the stack you actually run or book an infrastructure review.
Sources: The Hacker News, Calif.io.
- #squidbleed
- #cve-2026-47729
- #security
- #infrastructure
- #squid-proxy
Tommy Rush — Founder, Rush Commerce
Operator turned builder. 15+ years running operations — now shipping the systems businesses run on. More
Get The Rush Report weekly — one email, zero fluff.
Keep reading
Baseten's $1.5B says inference is the layer to own
Baseten raised $1.5B at up to $13B for AI inference infrastructure. Why the boring serving layer — not the model — decides your cost and uptime.
Read itMistral OCR 4: document automation you can self-host
Mistral OCR 4 adds bounding boxes, block types, and confidence scores at $2–4 per 1,000 pages — and runs in one container you control. What that unlocks for operators.
Read it