Security researchers at Calif.io have disclosed a memory leak vulnerability in Squid Proxy that has existed in the software since 1997.
Squid is a widely used open source web proxy that can reduce bandwidth and improve response times through caching. Squid supports HTTP, HTTPS, FTP, and other protocols.
Calif researchers found that Squid is affected by a vulnerability that is similar to the infamous OpenSSL vulnerability known as Heartbleed, which is why they have dubbed it Squidbleed.
Officially tracked as CVE-2026-47729, the vulnerability causes Squid's FTP parser to read past the boundary of a memory buffer, into a region that may contain a previous user's uncleared HTTP request data.
Exploitation requires the attacker to control an FTP server reachable from the proxy. Squidbleed poses the biggest risk in shared proxy environments, such as corporate networks, schools, and public Wi-Fi hotspots, where multiple users may route traffic through the same Squid instance.
An attacker with access to such a network could silently siphon HTTP request data belonging to other users, potentially capturing authentication credentials, session tokens, and API keys.
The exposure is limited to cleartext HTTP traffic and deployments where Squid terminates TLS. Standard HTTPS connections relayed as opaque CONNECT tunnels are not affected. While that reduces the overall attack surface, sensitive credentials can still travel in cleartext HTTP in many enterprise and legacy environments.
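As an added illustration (not Squid's code and not the actual Squidbleed parser), the following C model shows the failure mode the article describes: one I/O buffer reused across clients, a reply parser that trusts a line terminator instead of the byte count actually received, and the hardened form that bounds the scan and wipes the buffer on reuse. The request, the FTP reply and the buffer size are constructed values.

```c
#include <stddef.h>
#include <string.h>

/* Constructed toy model, not Squid's code: a single I/O buffer shared across clients. */
#define BUF_SZ 128
static char shared_buf[BUF_SZ];
static char last_line[BUF_SZ];

/* Constructed: client A's cleartext HTTP request, left behind after A was served. */
static const char PREV_REQUEST[] =
    "GET /api?token=s3cr3t HTTP/1.1\r\nHost: intranet.example\r\n\r\n";

/* Constructed: a reply from an attacker-controlled FTP server that omits its CRLF. */
static const char FTP_REPLY[] = "220 ";

/* Receive n bytes from the FTP server into the reused buffer; stale bytes stay in place. */
static size_t receive_ftp_reply(const char *data, size_t n) {
    if (n > BUF_SZ) n = BUF_SZ;
    memcpy(shared_buf, data, n);
    return n;
}

/* Vulnerable: scans for '\n' with no regard for how many bytes were received, so a
   terminator-less reply makes the scan run on into the previous client's request. */
static size_t parse_line_unsafe(char *out, size_t cap) {
    size_t i = 0;
    while (i < BUF_SZ && i + 1 < cap && shared_buf[i] != '\n') { out[i] = shared_buf[i]; i++; }
    out[i] = '\0';
    return i;
}

/* Hardened: the scan is bounded by the byte count the server actually sent. */
static size_t parse_line_safe(size_t received, char *out, size_t cap) {
    size_t i = 0;
    while (i < received && i + 1 < cap && shared_buf[i] != '\n') { out[i] = shared_buf[i]; i++; }
    out[i] = '\0';
    return i;
}

/* Runs the scenario and returns how many bytes of the parsed line were never sent by the
   FTP server, i.e. bytes disclosed from the previous client's request (0 when hardened). */
size_t run_scenario(int hardened) {
    memset(shared_buf, 0, BUF_SZ);
    memcpy(shared_buf, PREV_REQUEST, sizeof PREV_REQUEST - 1); /* client A served */
    if (hardened) memset(shared_buf, 0, BUF_SZ);               /* wipe on reuse: defence in depth */
    size_t received = receive_ftp_reply(FTP_REPLY, sizeof FTP_REPLY - 1);
    size_t got = hardened ? parse_line_safe(received, last_line, BUF_SZ)
                          : parse_line_unsafe(last_line, BUF_SZ);
    return got > received ? got - received : 0;
}

/* The line produced by the most recent run_scenario call. */
const char *parsed_line(void) { return last_line; }
```

In the unsafe run the parsed "FTP reply" is `220 /api?token=s3cr3t HTTP/1.1`, 27 bytes of which came from the other client's request; the hardened run returns exactly the four bytes the server sent.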
The vulnerability was discovered with the help of Anthropic's Claude Mythos AI model.
A patch was merged into Squid version 8 in April 2026 and shipped in version 7.6 in June 2026. The risk can be mitigated by disabling FTP support entirely if it is not needed.
Calif researchers also recently found a high-severity vulnerability in OpenSSL and a DoS attack technique called HTTP/2 Bomb, which allows an attacker to quickly knock web servers offline. Both vulnerabilities were discovered using AI.