Squidbleed: Decades-Old Parser Flaw Exposes Sensitive Proxy Data

Red | Vulnerability
Squidbleed CVE-2026-47729: Decades-Old Parser Flaw Exposes Sensitive Proxy Data | HiveForce Labs TA2026175

HiveForce Labs · Threat Advisory · Vulnerability Report


CVE-2026-47729, dubbed Squidbleed, is a newly disclosed information disclosure vulnerability in the Squid web proxy rooted in code introduced in January 1997. A logic error in Squid's FTP gateway directory-listing parser causes an out-of-bounds read that can expose fragments of heap memory — including HTTP Authorization headers — from a shared proxy environment to a remote attacker controlling an FTP server.

⚠ Threat Level: Red · CVE-2026-47729 · Squidbleed · Out-of-Bounds Read · CWE-125 Information Disclosure · All Squid Versions (Default Config) · Code Introduced: January 1997 · PoC Public, No Active Exploitation · Patch Available (Squid 7.7) · Not a Zero-Day · CISA KEV: No · Published: June 24, 2026
CVE ID
CVE-2026-47729
Alias
Squidbleed
CWE
CWE-125
Affected Product
Squid Web Proxy (all versions, default config)
Vulnerability Type
Out-of-Bounds Read / Info Disclosure
Fixed In
Squid 7.7
Code Introduced
January 18, 1997
TA Number
TA2026175
Publication Date
June 24, 2026

Executive Summary: CVE-2026-47729 Squidbleed — FTP Gateway Parser Out-of-Bounds Read in Squid Web Proxy

Vulnerability Timeline
January 18, 1997
Vulnerable code introduced via Squid commit bb97dd37a to accommodate NetWare FTP server formatting quirks.
April 2026
Vulnerability responsibly reported to Squid maintainers.
June 10, 2026
Public disclosure of CVE-2026-47729 (Squidbleed). Proof-of-concept code made publicly available.
June 24, 2026
HiveForce Labs Threat Advisory TA2026175 published. Patch confirmed in Squid 7.7 (src/clients/FtpGateway.cc null-terminator guard). No active exploitation reported.

CVE-2026-47729, dubbed Squidbleed, is a newly disclosed information disclosure flaw in the Squid web proxy that can expose sensitive data from the proxy's memory to a remote attacker. It is caused by a decades-old parsing bug in Squid's FTP gateway, code introduced in January 1997, and allows a malicious FTP server to trigger an out-of-bounds read and retrieve fragments of previously processed data, including HTTP requests and authentication headers. Exploitation requires that the attacker be permitted to use the proxy and that the proxy can connect out to an FTP server the attacker controls, but the flaw affects every Squid version in its default configuration. No active attacks have been reported; the vulnerability nonetheless shows how legacy code can persist quietly for decades before exposing a critical security risk.

CVE Overview
CVE ID
CVE-2026-47729
Vulnerability Name
Squidbleed (Squid Proxy Memory Leak Vulnerability)
Affected Product
Squid Software Foundation Squid (Web Proxy)
Zero-Day
No
CISA KEV
No
Patch
Yes

CVE-2026-47729 Squidbleed: Technical Analysis of the Squid FTP Gateway Out-of-Bounds Read

#1 — Classification and Root Cause

The flaw tracked as CVE-2026-47729, dubbed Squidbleed, is an out-of-bounds read vulnerability (CWE-125) affecting the FTP gateway component of the Squid web proxy. The issue stems from improper input validation within the FTP directory-listing parser, allowing a remote attacker to read memory beyond the intended buffer. Researchers have drawn comparisons to Heartbleed because the bug can expose fragments of process memory to a remote party through a similar read-past-the-buffer condition.

#2 — Historical Origin: NetWare FTP Server Quirk from 1997

The vulnerable code dates to January 18, 1997, introduced via Squid commit bb97dd37a to accommodate a formatting quirk of NetWare FTP servers, which inserted additional spaces between the timestamp and the filename in directory listings. The parser skips those extra spaces with a loop that advances while strchr(w_space, *copyFrom) finds the current byte in the whitespace set. The C standard defines the terminating null byte as part of the string that strchr() searches, so strchr(w_space, '\0') returns a pointer to the terminator of w_space rather than NULL: the end of the input is classified as whitespace, the loop does not stop there, and the pointer walks past the end of the buffer into adjacent heap memory.

#3 — Exploitation Mechanism: Crafted FTP Directory Listing Entry

An attacker can exploit the Squidbleed flaw by persuading the proxy to retrieve a directory listing from an FTP server under their control and supplying a specially crafted entry that contains only a timestamp and no filename. As the parser advances past the string boundary, it eventually reaches adjacent heap memory and interprets the contents as a filename. Squid then copies this unintended data and returns it to the attacker as part of the directory listing response — effectively leaking arbitrary heap memory to the remote attacker.
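To make the root cause in #2 and the leak in #3 concrete, the following C program is an added illustration written for this advisory; it is not Squid's code and does not reproduce src/clients/FtpGateway.cc. It models the whitespace-skipping loop in its pre-fix shape beside the guarded shape quoted in the remediation section, runs both over a constructed buffer (a listing line holding only a timestamp, its terminator, and stale bytes left behind by an earlier request), and shows which bytes each version would hand back as the "filename". Assumptions: the whitespace set w_space is space, tab, LF and CR; heap_region and its stale content are constructed, not captured from a real process; the limit argument on the vulnerable loop is not part of the original logic and exists only to keep this demonstration itself inside the constructed array; all function names are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Whitespace set, assumed here to match Squid's w_space (" \t\n\r"). The
 * literal's own terminating '\0' is part of the array strchr() searches. */
static const char w_space[] = " \t\n\r";

/* Constructed stand-in for a recycled heap buffer (not real Squid memory):
 * a directory-listing line that holds only a timestamp and trailing blanks,
 * its terminating '\0', and then stale bytes an earlier HTTP request left
 * behind: here the Basic credential "example:secret" in base64. */
static const char heap_region[] =
    "Jan 18 1997  "                                      /* timestamp, no filename */
    "\0"                                                 /* end of the listing line */
    "ZXhhbXBsZTpzZWNyZXQ=\r\nHost: intranet.example\r\n"; /* stale data */

#define REGION_END (heap_region + sizeof(heap_region))

/* Pre-fix loop shape: advance while the current byte is in w_space.
 * strchr(w_space, '\0') returns a pointer to w_space's terminator, not NULL,
 * so '\0' counts as whitespace and the scan runs past the end of the line.
 * `limit` is not in the original logic; it only stops this demo from reading
 * outside heap_region (in a real process the read would be out of bounds). */
static const char *skip_ws_vulnerable(const char *p, const char *limit)
{
    while (p < limit && strchr(w_space, *p))
        p++;
    return p;
}

/* Fixed loop shape: the *p test rejects the terminator before strchr()
 * sees it, so the scan stops at the end of the line. */
static const char *skip_ws_fixed(const char *p)
{
    while (*p && strchr(w_space, *p))
        p++;
    return p;
}

/* Copy what a listing parser would take as the filename token starting at
 * p: bytes up to the next whitespace or end of string. */
static const char *token_at(const char *p, const char *limit)
{
    static char out[64];
    size_t n = 0;
    while (p < limit && *p && !strchr(w_space, *p) && n + 1 < sizeof out)
        out[n++] = *p++;
    out[n] = '\0';
    return out;
}

/* Offset where the pre-fix scan stops after the timestamp: past the
 * terminator at offset 13 and onto the stale bytes at offset 14. */
size_t vulnerable_landing_offset(void)
{
    const char *start = heap_region + strlen("Jan 18 1997");
    return (size_t)(skip_ws_vulnerable(start, REGION_END) - heap_region);
}

/* Offset where the fixed scan stops: the terminator itself, offset 13. */
size_t fixed_landing_offset(void)
{
    const char *start = heap_region + strlen("Jan 18 1997");
    return (size_t)(skip_ws_fixed(start) - heap_region);
}

/* "Filename" the pre-fix parser would emit: the stale credential. */
const char *leaked_filename(void)
{
    return token_at(heap_region + vulnerable_landing_offset(), REGION_END);
}

/* "Filename" the fixed parser would emit: empty, the line had none. */
const char *safe_filename(void)
{
    return token_at(heap_region + fixed_landing_offset(), REGION_END);
}

int main(void)
{
    printf("pre-fix scan stops at offset %zu, emits \"%s\"\n",
           vulnerable_landing_offset(), leaked_filename());
    printf("fixed scan stops at offset %zu, emits \"%s\"\n",
           fixed_landing_offset(), safe_filename());
    return 0;
}
```

Compile with a C compiler and run: the pre-fix loop steps over the terminator and returns the base64 credential as the entry's filename, which is exactly what a listing parser would then copy into the response sent back to the client; the guarded loop stops on the terminator and yields an empty filename. The guard is the same *copyFrom test as in the Squid 7.7 fix; checking for it in a build is covered under Recommended Actions.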

#4 — Impact Amplification: Recycled Buffer Pools Expose Prior HTTP Requests

The information disclosure impact of CVE-2026-47729 is amplified by Squid's memory management design, which relies on recycled buffer pools without clearing previously used data. As a result, memory regions that once stored HTTP requests may still contain sensitive information when reused for subsequent operations. Researchers demonstrated that under certain conditions, an attacker could recover remnants of a victim's traffic passing through a shared proxy — including HTTP Authorization headers — making this a significant credential-exposure risk in shared proxy environments.

#5 — Scope: All Squid Versions Vulnerable in Default Configuration

Every Squid release is considered vulnerable in its default configuration because FTP support is enabled by default and port 21 is included in the standard Safe_ports access control list. Exploitation, however, requires two prerequisite conditions: the attacker must already be permitted to use the proxy, and the proxy must be able to connect outbound to an attacker-controlled FTP server. Exposure is largely limited to plaintext HTTP traffic and to deployments where Squid terminates TLS, since the payload of HTTPS traffic passing through a CONNECT tunnel is opaque to the proxy and is not affected by this class of bug. Note that the CONNECT request itself, including the target host and any Proxy-Authorization header the client sends to the proxy, is still parsed by Squid and passes through the same request buffers; only the tunneled bytes are opaque.

#6 — Disclosure Status: PoC Public, No Active Exploitation Confirmed

Although proof-of-concept code for CVE-2026-47729 has been made publicly available, there is currently no evidence of active exploitation in the wild. The vulnerability was responsibly disclosed after being reported in April 2026, making it a patched and publicly known issue. Organizations should nonetheless treat remediation as urgent given the availability of working PoC code and the sensitive nature of the data that can be recovered.

CVE & CPE Detail
CVE ID
CVE-2026-47729
Affected Products
Squid Web Proxy (all versions in default configuration prior to the upstream fix)
Affected CPE
cpe:2.3:a:squidcache:squid:*:*:*:*:*:*:*:*
CWE ID
CWE-125

Recommended Actions to Mitigate CVE-2026-47729 Squidbleed in Squid Proxy Deployments

01

Disable FTP Support Immediately

The most effective and immediate mitigation is to disable FTP handling in Squid entirely, which removes the CVE-2026-47729 attack surface completely without requiring a patch. Most organizations carry near-zero legitimate FTP traffic since Chromium-based browsers dropped FTP support years ago. Deny FTP via an ACL, remove port 21 from the Safe_ports ACL, and block the proxy's outbound port 21 at the firewall. This mitigation protects every build regardless of patch status.
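The configuration side of this step, shown as an added illustration for this advisory rather than text from the Squid project: the stock Safe_ports entry that admits FTP beside the directives that remove it and refuse the FTP scheme outright. The acl and http_access directive names are Squid's; the rule order is assumed to follow the stock squid.conf, where http_access deny !Safe_ports sits before any allow rule, and the ACL name ftp is this example's own.

```conf
# Before (stock squid.conf): port 21 is a "safe" destination and nothing
# refuses the ftp:// scheme, so any client allowed to use the proxy can
# make it fetch a listing from an attacker-controlled FTP server.
acl Safe_ports port 21          # ftp   <- remove this line
http_access deny !Safe_ports

# After: no Safe_ports entry for 21, plus an explicit scheme-level deny
# placed before every http_access allow rule.
acl ftp proto FTP
http_access deny ftp
http_access deny !Safe_ports
```

Reload Squid after the change and confirm that an ftp:// request through the proxy is refused. The host or network firewall rule that rejects outbound TCP/21 from the account Squid runs as is the backstop for the case where a later configuration edit reintroduces the port.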

02

Apply the Fix and Verify It Is Actually Present

Update to a Squid build that contains the null-terminator check in src/clients/FtpGateway.cc, but verify the fix is actually present rather than trusting a version number alone. Public reporting has been inconsistent: the Squid maintainer initially indicated the fix shipped in 7.6, then corrected that the released fix lands in 7.7 (Squid 7.6 addressed a separate vulnerability, CVE-2026-50012). Confirm the guard while (*copyFrom && strchr(w_space, *copyFrom)) is present in your build or your distribution's backport before considering the issue closed.

03

Audit Exposed Credentials and Rotate Secrets

Because the Squidbleed flaw silently leaks other users' HTTP request data from recycled memory buffers, assume that credentials, session tokens, and API keys transmitted in cleartext HTTP through any affected Squid proxy instance may have been exposed. Rotate potentially affected secrets, invalidate active sessions, and prioritize any service that was accessed over plain HTTP through a shared Squid proxy deployment during the exposure window.

04

Enforce End-to-End Encryption in Transit

Reduce the potential impact of any future Squid memory-disclosure vulnerability by ensuring all sensitive traffic uses end-to-end TLS rather than cleartext HTTP. HTTPS traffic relayed as a CONNECT tunnel is not exposed by this class of bug since the proxy cannot inspect tunnel contents. Eliminate all plain-HTTP authentication flows and migrate legacy internal applications to HTTPS to structurally reduce the data value exposed by any future proxy-level memory leak.

⚠ Version Verification Warning

Do not rely on version numbers alone to confirm the Squidbleed fix. The patch for CVE-2026-47729 ships in Squid 7.7 — not 7.6, which addressed the separate CVE-2026-50012. Verify that the guard while (*copyFrom && strchr(w_space, *copyFrom)) is present in src/clients/FtpGateway.cc in your specific build or distribution backport before treating the issue as remediated.


Potential MITRE ATT&CK Techniques Associated with CVE-2026-47729 Squidbleed

T1212 (Credential Access): Exploitation for Credential Access
— No sub-technique (HTTP Authorization header exposure via heap memory leak)

T1528 (Credential Access): Steal Application Access Token
— No sub-technique (session tokens and API keys recoverable from leaked proxy memory)

T1588 (Resource Development): Obtain Capabilities
T1588.006 — Vulnerabilities

