Mythos discovers 'Squidbleed,' a memory leak that's gone undetected since Clinton era
A 29-year-old memory leak vulnerability named Squidbleed was discovered in the Squid open-source caching proxy server. The flaw leaks internal memory, including plaintext HTTP requests and sensitive data such as credentials and session tokens, when Squid handles cleartext HTTP traffic and connects to an attacker-controlled FTP server. The vulnerability stems from a 1997 code commit related to FTP directory listing parsing and was fixed in Squid version 7.6 released in June 2026. Disabling FTP support in Squid is recommended to eliminate the attack surface.
AI Analysis
Technical Summary
Squidbleed (CVE-2026-47729) is a memory leak vulnerability in the Squid proxy server caused by a flaw in the FTP directory listing parser introduced in 1997. The bug triggers a heap overread when Squid processes FTP directory listings lacking a filename after the modification timestamp, leaking internal memory contents to an attacker. This affects all versions of Squid in default configuration that handle cleartext HTTP traffic and can reach an attacker-controlled FTP server on TCP port 21. The vulnerability was reported in April 2026 and fixed in Squid v7.6 released on June 8, 2026. The root cause is a loop that fails to properly detect the end of the string, causing memory beyond the buffer to be copied and leaked. Disabling FTP support in Squid is advised as most environments no longer require it.
Potential Impact
The vulnerability allows attackers to leak internal memory from the Squid proxy server, including plaintext HTTP requests that may contain sensitive information such as passwords, API keys, and session tokens. This can lead to unauthorized disclosure of confidential data. The flaw affects all Squid versions in default configuration that process cleartext HTTP traffic and have FTP access to attacker-controlled servers. There is no indication of known exploits in the wild as of the report date.
Mitigation Recommendations
A fix for this vulnerability is available in Squid version 7.6, released on June 8, 2026. Users should upgrade to this version or later to remediate the issue. Additionally, it is recommended to disable FTP support in Squid unless there is a specific and unusual need for it, as this removes the entire attack surface related to this vulnerability. Since FTP is largely deprecated and unsupported by modern browsers, disabling it is a low-impact mitigation.
Mythos discovers 'Squidbleed,' a memory leak that's gone undetected since Clinton era
Description
A 29-year-old memory leak vulnerability named Squidbleed was discovered in the Squid open-source caching proxy server. The flaw leaks internal memory, including plaintext HTTP requests and sensitive data such as credentials and session tokens, when Squid handles cleartext HTTP traffic and connects to an attacker-controlled FTP server. The vulnerability stems from a 1997 code commit related to FTP directory listing parsing and was fixed in Squid version 7.6 released in June 2026. Disabling FTP support in Squid is recommended to eliminate the attack surface.
Reddit Discussion
Twenty-nine years old! I maintain that while LLMs are going to make zero-days more common, in the long run they'll lead to better security - better to know about the flaws and fix them than to have them linger. Security by obscurity - never works!
Links cited in this discussion
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Squidbleed (CVE-2026-47729) is a memory leak vulnerability in the Squid proxy server caused by a flaw in the FTP directory listing parser introduced in 1997. The bug triggers a heap overread when Squid processes FTP directory listings lacking a filename after the modification timestamp, leaking internal memory contents to an attacker. This affects all versions of Squid in default configuration that handle cleartext HTTP traffic and can reach an attacker-controlled FTP server on TCP port 21. The vulnerability was reported in April 2026 and fixed in Squid v7.6 released on June 8, 2026. The root cause is a loop that fails to properly detect the end of the string, causing memory beyond the buffer to be copied and leaked. Disabling FTP support in Squid is advised as most environments no longer require it.
Potential Impact
The vulnerability allows attackers to leak internal memory from the Squid proxy server, including plaintext HTTP requests that may contain sensitive information such as passwords, API keys, and session tokens. This can lead to unauthorized disclosure of confidential data. The flaw affects all Squid versions in default configuration that process cleartext HTTP traffic and have FTP access to attacker-controlled servers. There is no indication of known exploits in the wild as of the report date.
Mitigation Recommendations
A fix for this vulnerability is available in Squid version 7.6, released on June 8, 2026. Users should upgrade to this version or later to remediate the issue. Additionally, it is recommended to disable FTP support in Squid unless there is a specific and unusual need for it, as this removes the entire attack surface related to this vulnerability. Since FTP is largely deprecated and unsupported by modern browsers, disabling it is a low-impact mitigation.
Technical Details
- Source Type
- Subreddit
- cybersecurity
- Reddit Score
- 0
- Discussion Level
- minimal
- Content Source
- reddit_link_post
- Post Type
- link
- Domain
- null
- Newsworthiness Assessment
- {"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
- Has External Source
- true
- Trusted Domain
- false
Threat ID: 6a3add54eed863c81e82dd86
Added to database: 06/23/2026, 19:24:04 UTC
Last enriched: 06/23/2026, 19:24:11 UTC
Last updated: 06/24/2026, 01:09:02 UTC
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.