Back to k_rusty_j's feed
The Hacker News

29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests (opens in new tab)

Covers Squidbleed (CVE-2026-47729)Covered by 4sysops

A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Squid's default configuration. Researchers at Calif.io disclosed it in June and named it Squidbleed (

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Covered in 1 article

4sysops·

Decades-old Squidbleed vulnerability leaks sensitive user data via FTP parser

Feeds

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help