SquidBleed Exposes 29-Year-Old Security Flaw: Millions of Proxy Users Could Face Credential and Token Leaks (opens in new tab)

A newly disclosed vulnerability dubbed SquidBleed has sent shockwaves through the cybersecurity community after researchers revealed that the flaw has existed inside the widely used Squid Proxy software since 1997. Tracked as CVE-2026-47729, the bug can allow attackers to access fragments of sensitive data belonging to other users sharing the same proxy infrastructure, including authentication credentials, API keys, session cookies, and private HTTP requests. Security researchers compare the ...