Squidbleed: Critical Heap Over-Read Vulnerability Leaks User Data in Squid Proxy
A newly disclosed vulnerability, dubbed **Squidbleed** (**CVE-2026-47729**), in the **Squid** web proxy could allow malicious actors to leak cleartext HTTP requests, including sensitive credentials and session tokens, from other users on the same proxy. This heap over-read bug, stemming from a 1997 FTP-parsing change, affects **Squid**'s default configuration and highlights the persistent risks in widely used software components.
A significant vulnerability in the **Squid** web proxy, identified as a heap over-read, has been found to leak cleartext HTTP requests from other users. This includes potentially exposing credentials or session tokens to anyone already authorized to send traffic through the same proxy.
Researchers at **Calif.io** disclosed the flaw in June, naming it **Squidbleed** (**CVE-2026-47729**) in a nod to the infamous **Heartbleed** vulnerability, which exploited similar memory leakage mechanisms.
**Squid** describes this as an attack by a "trusted client": an attacker must already have permission to use the proxy, rather than being an external, unauthorized entity. This scenario is common in shared network environments such as schools, corporate offices, and public Wi-Fi hotspots, where the attacker is simply another user on the same network.
It's important to note that the leak only affects traffic that **Squid** can read. Standard HTTPS traffic, which uses an opaque CONNECT tunnel, is not exposed. The vulnerability primarily impacts cleartext HTTP traffic and configurations where **Squid** performs TLS termination for inspection purposes.
For the attack to succeed, the proxy must also be able to reach an FTP server controlled by the attacker on port 21. Both FTP functionality and this port are enabled by default in **Squid**.
## How the Leak Works
The vulnerability resides within **Squid**'s FTP directory-listing parser. The code, designed to handle legacy **NetWare** servers that padded listings with extra spaces, uses a loop to skip whitespace: `while (strchr(w_space, *copyFrom)) ++copyFrom;`.
If an attacker's FTP server sends a listing line that terminates directly after the timestamp without a filename, `copyFrom` lands on the string's null terminator. The `strchr` function treats that null terminator as part of the string it searches (that is how it is specified, so the lookup never returns NULL for `'\0'`), and the loop keeps advancing past the end of the string. This leads to an out-of-bounds read, and `xstrdup` subsequently copies whatever follows in memory back to the attacker, presenting it as a filename.
The leaked bytes are the critical element. **Squid** reuses freed memory buffers without zeroing them, meaning a 4KB buffer that recently held a victim's HTTP request could still contain most of that data. A short, malicious FTP line overwrites only the initial bytes, allowing the over-read to retrieve the remaining sensitive information.
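To make the `strchr` quirk concrete, here is an added example (not Squid's code): it reconstructs the quoted skip loop beside a hardened version carrying the terminator check the article describes as the fix, and runs both over a constructed buffer that models a recycled, un-zeroed I/O buffer. The contents of `w_space`, the exact shape of the fix, and the stale `Authorization` bytes are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Whitespace set; assumed here to match Squid's w_space (constructed for this example). */
static const char *w_space = " \t\r\n";

/* The skip loop as quoted in the article. strchr(w_space, '\0') returns a pointer
 * to w_space's own terminator, never NULL, so the loop steps over the end of the
 * listing line and keeps going until it meets a non-whitespace byte. */
static const char *skip_ws_vulnerable(const char *copyFrom)
{
    while (strchr(w_space, *copyFrom))
        ++copyFrom;
    return copyFrom;
}

/* Hardened form (assumed shape of the fix): test for the terminator before strchr. */
static const char *skip_ws_fixed(const char *copyFrom)
{
    while (*copyFrom != '\0' && strchr(w_space, *copyFrom))
        ++copyFrom;
    return copyFrom;
}

/* Constructed stand-in for a recycled, un-zeroed buffer: a listing line that ends
 * right after the timestamp, then stale bytes left over from an earlier HTTP request. */
#define STALE_REQUEST "Authorization: Basic dXNlcjpwYXNz\r\n"   /* sample value only */
static const char buf[] = "-rw-r--r-- 1 0 0 0 Jan 01 12:00 \0" STALE_REQUEST;

/* Position just after the timestamp, where the filename parser starts skipping. */
static const char *after_timestamp(void) { return strstr(buf, "12:00") + 5; }

/* What xstrdup would copy out as the "filename": the text the skipper stopped on. */
static const char *parsed_filename(const char *(*skip)(const char *))
{
    return skip(after_timestamp());
}
/* 1 if the skipper stops on the listing line's terminator, 0 if it reads beyond it. */
static int stops_at_terminator(const char *(*skip)(const char *))
{
    return skip(after_timestamp()) == buf + strlen(buf);
}

int main(void)
{
    printf("vulnerable: \"%s\"\n", parsed_filename(skip_ws_vulnerable));
    printf("fixed:      \"%s\"\n", parsed_filename(skip_ws_fixed));
    return 0;
}
```

In the real bug the bytes past the terminator belong to whatever the heap held before, which is why zeroing recycled buffers would have bounded the damage even without the parser fix.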
**Calif.io**'s demonstration successfully extracted an `Authorization` header from a victim sharing the same proxy, providing enough information to impersonate that user. Proof-of-concept code has been made public, though no in-the-wild exploitation has been reported as of the time of writing.
## Mitigation Strategies
Organizations using **Squid** proxies are urged to address this vulnerability promptly. If patching, it is crucial to verify the fix, not just the version number. Confirm the guard is present in `FtpGateway.cc`, or check your distribution's backport, as distributions often ship their own builds (e.g., **Debian** packages **Squid 5.7**).
There has been some inconsistency in public advisories regarding the patch. Maintainer **Amos Jeffries** initially stated **Squid 7.6** contained the fix, later correcting it to **7.7**. However, on June 22, **Debian**'s **Salvatore Bonaccorso** noted that the referenced commit appears to be already present in **7.6**.
The fix itself is minor: a null-terminator check before the vulnerable `strchr` calls, merged into the development branch in April and v7 in May. It's worth noting that **Squid 7.6** also separately patches **CVE-2026-50012**, an unrelated `cache_digest` heap overflow.
The most straightforward and recommended mitigation by researchers is to disable FTP entirely. Given that **Chromium** dropped FTP support years ago and most networks carry minimal FTP traffic, disabling this protocol removes the attack surface without significant operational impact, regardless of the **Squid** build in use.
While the risk is real, its scope is bounded. **SUSE** rates the vulnerability as moderate with a **CVSS score of 6.5**. This score reflects the attack vector: it requires low privileges (proxy access) and impacts only confidentiality, not integrity or availability.
**Calif.io** credits **Anthropic**'s **Claude Mythos Preview**, the AI model behind **Project Glasswing**, with quickly identifying the `strchr` quirk. This highlights a growing trend of AI agents uncovering complex, buried parser bugs, similar to those found elsewhere, including in **FFmpeg**. **Calif.io** hints that **Squid**'s FTP code may contain other undiscovered vulnerabilities.