CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 22, 2026

Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data

Security Week Archived Jun 22, 2026 ✓ Full text saved

Squidbleed, discovered with the aid of Claude Mythos Preview, has been described as a Heartbleed-style vulnerability. The post Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data appeared first on SecurityWeek .

Full text archived locally
✦ AI Summary · Claude Sonnet


    Security researchers at Calif.io have disclosed a memory leak vulnerability in Squid Proxy that has existed in the software since 1997.  Squid is a widely used open source web proxy that can reduce bandwidth and improve response times via caching. Squid supports HTTP, HTTPS, FTP, and other protocols. Calif researchers discovered that Squid is affected by a vulnerability that is similar to the notorious OpenSSL vulnerability known as Heartbleed, which is why they have dubbed it Squidbleed. Officially tracked as CVE-2026-47729, the vulnerability causes Squid’s FTP parser to read beyond the boundary of a memory buffer, into a region that may contain a previous user’s uncleared HTTP request data. Exploitation requires the attacker to control an FTP server reachable from the proxy. Squidbleed poses the biggest risk in shared proxy environments, such as corporate networks, schools, and public Wi-Fi hotspots, where multiple users may route traffic via the same Squid instance.  An attacker with access to such a network could silently siphon HTTP request data belonging to other users, potentially capturing authentication credentials, session tokens, and API keys.  The exposure is limited to cleartext HTTP traffic and deployments where Squid terminates TLS. Standard HTTPS connections relayed as opaque Connect tunnels are not affected. While that reduces the overall attack surface, sensitive credentials can still travel in cleartext HTTP in many enterprise and legacy environments. The vulnerability was discovered with the aid of Anthropic’s Claude Mythos AI model. A patch was merged into Squid version 8 in April 2026 and shipped in version 7.6 in June 2026. The risk can be mitigated by disabling FTP support entirely if it’s not needed. Calif researchers also recently found a high-severity vulnerability in OpenSSL and a DoS attack technique called HTTP/2 Bomb, which allows an attacker to quickly knock web servers offline. Both vulnerabilities were discovered using AI.  Related: Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data Related: Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure Related: Majority of Internet-Accessible REDCap Servers Outdated WRITTEN BY Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Cisco to Acquire WideField Security to Boost Splunk’s Agentic SOC Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure Accenture to Acquire Majority Stake in Dragos, All of runZero, NetRise in $4.1 Billion OT Cybersecurity Push Rokarolla Banking Trojan Targets 200 Applications SailPoint to Acquire Entro in Reported $200 Million Deal Kodak Admits Data Breach After ShinyHunters Hack Claims 1Password Acquires Apono in Reported $250M-$300M Deal Rockwell Automation Patches Vulnerabilities in ICS Controllers and Software Latest News Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data North Korean Hackers Blamed for Mastra NPM Supply Chain Attack What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones Fortinet Responds to FortiBleed Campaign More Cybersecurity Firms Disclose Impact From Klue Hack Texas Parks & Wildlife Data Breach Affects 3 Million Individuals French President Urges US to Share Cutting-Edge AI and Democracies to Cooperate on Regulation Trending Webinar: How Modern Breaches Bypass MFA And Evade Detection June 17, 2026 Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes. Register Webinar: Modern Exposure Validation In The AI Era June 24, 2026 AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program. Register People on the Move SolarWinds has appointed Justin Henkel as Chief Information Security Officer. J. Paul Haynes has joined Cinchy as Chief Executive Officer. Hatem Naguib has become Chief Executive Officer at Sysdig. More People On The Move Expert Insights What The Latest ShinyHunters Breaches Reveal About Modern Cyberattacks Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage. (Torsten George) No Exploits Required Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures. (Tod Beardsley) After AI Reaches Production: 12 Ways Security Teams Can Take Control Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. (Joshua Goldfarb) Everybody Is Vibe Coding But Nobody Told The Security Team AI-driven development is not something organizations can or should block. But it must be governed. (Danelle Au) The Zero-Knowledge Threat Actor And The End Of Responsible Disclosure AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. (Etay Maor) Flipboard Reddit Whatsapp Email
    💬 Team Notes
    Article Info
    Source
    Security Week
    Category
    ◇ Industry News & Leadership
    Published
    Jun 22, 2026
    Archived
    Jun 22, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗