Decades-old Squidbleed vulnerability leaks sensitive user data via FTP parser
A critical heap buffer overread vulnerability, dubbed Squidbleed, has been discovered in the widely used Squid web proxy. This flaw, tracked as CVE-2026-47729, has existed in the software's FTP directory-listing parser since 1997. The vulnerability allows a trusted client to leak internal memory from the proxy, potentially exposing cleartext HTTP requests, passwords, and API keys.