AI synthesis The Squidbleed vulnerability, a 29-year-old heap over-read in Squid Proxy, exposes cleartext HTTP requests, including credentials and tokens, to other proxy users.
What changed
Every report remains linked to its original publisher.
A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Sq...
Squidbleed is a 29-year-old Squid Proxy flaw that can leak credentials, tokens, and other users’ HTTP data through a memory overread. Researchers at Calif.io have disclosed CVE-2026-47729, a memory leak vulnerability in Squid Proxy that was introduced in 1997 and has remained ...