Researchers at Calif.io have disclosed CVE-2026-47729, dubbed Squidbleed, a heap buffer over-read in the FTP gateway of every version of Squid Web Cache in its default configuration. The bug’s origin traces to a commit from January 1997 and survived nearly three decades of code reviews without detection. A proof-of-concept is publicly available.
What Happened
Squidbleed was uncovered during a low-level audit of Squid’s legacy protocol handlers. The whitespace-skipping logic in FtpGateway.cc uses strchr() to test each byte of an FTP directory listing against a whitespace set while advancing a copyFrom pointer — but it never checks whether *copyFrom is the null terminator before calling strchr. That matters because strchr() counts a string’s terminating null as part of the string, so strchr(w_space, '\0') returns a non-NULL pointer and the terminator itself passes as whitespace. When a malicious FTP server returns a truncated directory listing that omits the filename field after the timestamp, the parser steps over the terminator, advances past the intended buffer boundary, and copies adjacent heap memory into the rendered FTP response. The attacker reads that leaked memory off the wire.
The root fix is a one-character guard: replacing while (strchr(w_space, *copyFrom)) with while (*copyFrom && strchr(w_space, *copyFrom)). That single null check was merged to the development branch in April 2026 and to the v7 stable branch in May.
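The loop described above, as an added example that is not Squid’s code: a bounded model of the unguarded whitespace skip beside the guarded form from the fix. The w_space contents, the helper names and the heap_model buffer are assumptions constructed for this demonstration; the unguarded version takes an explicit buffer length so that the walk stays inside one array rather than reading real adjacent heap memory.

```c
#include <stdio.h>
#include <string.h>

/* Whitespace set in the spirit of Squid's w_space (exact contents assumed). */
static const char *const w_space = " \t\n\r";

/* Constructed stand-in for a heap region: a listing fragment "  " whose
 * filename field is missing, its terminator at index 2, and then whatever
 * happened to sit after it in memory. */
static const char heap_model[] = "  \0 \tleaked-data";

/* The core of the bug: the C standard counts the terminating '\0' as part of
 * the searched string, so strchr(w_space, '\0') returns a non-NULL pointer
 * and the terminator itself tests as "whitespace". Returns 1 if so. */
int terminator_matches_strchr(void)
{
    return strchr(w_space, '\0') != NULL;
}

/* Shape of the original loop, with an added length bound so the model never
 * leaves the array. Returns the offset at which skipping stops. */
size_t skip_ws_unguarded(const char *buf, size_t buf_len)
{
    const char *copyFrom = buf;
    while ((size_t)(copyFrom - buf) < buf_len && strchr(w_space, *copyFrom))
        copyFrom++;               /* steps over the '\0' at index 2 */
    return (size_t)(copyFrom - buf);
}

/* The patched form: test for the terminator before asking strchr. */
size_t skip_ws_guarded(const char *buf)
{
    const char *copyFrom = buf;
    while (*copyFrom && strchr(w_space, *copyFrom))
        copyFrom++;
    return (size_t)(copyFrom - buf);
}

int main(void)
{
    size_t bad = skip_ws_unguarded(heap_model, sizeof heap_model);
    size_t good = skip_ws_guarded(heap_model);
    printf("strchr(w_space, '\\0') non-NULL: %d\n", terminator_matches_strchr());
    printf("unguarded stops at offset %zu, text there: \"%s\"\n", bad, heap_model + bad);
    printf("guarded   stops at offset %zu (the terminator)\n", good);
    return 0;
}
```

The unguarded walk stops at offset 5, pointing at the bytes that sat beyond the terminator; the guarded walk stops at offset 2, on the terminator, which is exactly the difference the one-line fix makes.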
Affected Versions and Exploitation Requirements
Squidbleed affects all Squid versions in a default installation. FTP support is enabled by default; port 21 is included in the Safe_ports ACL without any configuration change, so no non-default flags are needed to reach the vulnerable code path.
Exploitation requires two things:
- Trusted proxy access — the attacker must already be an authorized user of the shared Squid instance (i.e., their requests are not blocked by Squid’s ACLs).
- Control of an FTP server reachable from the proxy — the attacker directs the proxy to fetch from a crafted FTP server that returns the triggering directory listing, causing the proxy to read heap memory it should not return.
When those conditions are met, the attacker receives leaked heap chunks containing fragments of other users’ recent HTTP requests — plaintext request lines, Authorization: headers, Cookie: headers, API keys, and session tokens.
Impact
The most exposed deployments are enterprise forward proxies, ISP transparent proxies, and caching appliances where multiple users share a single Squid instance, and where at least some traffic is cleartext HTTP or a TLS-terminating setup where Squid decrypts and re-encrypts. HTTPS tunneled as opaque CONNECT is not affected — Squid only sees the encrypted payload and never renders it into heap memory that the FTP gateway can reach.
The practical risk mirrors Heartbleed’s model: a low-privilege insider or any compromised internal host with proxy access can repeatedly poll an attacker-controlled FTP server to bleed fragments of adjacent users’ sessions until high-value tokens accumulate. No active credential brute-force is needed; the proxy does the work.
Patch Status and What to Do Now
The patch is not yet in a stable Squid release. Initial reports incorrectly stated that Squid 7.6 contained the fix; maintainer Amos Jeffries subsequently clarified that 7.6 addressed a separate issue (CVE-2026-50012) and the Squidbleed fix is targeted for Squid 7.7. Distribution backports may ship earlier — check your vendor’s advisory.
Immediate mitigations:
- Disable FTP in Safe_ports — add http_access deny !Safe_ports and remove acl Safe_ports port 21 from squid.conf. Chromium dropped FTP support years ago and most enterprise networks carry no legitimate FTP proxy traffic. This eliminates the attack surface entirely.
- Restrict outbound FTP — if FTP is operationally required, restrict which internal hosts can originate ftp:// requests via ACL and limit which external servers Squid will contact.
- Rotate exposed secrets — if your proxy terminates TLS and serves mixed HTTP/HTTPS traffic, treat any credentials transiting the proxy since your earliest affected Squid version as potentially leaked and rotate them.
- Review logs for anomalous ftp:// activity — repeated requests to unfamiliar FTP hosts from a small set of internal clients are an indicator of exploitation.
- Verify the patch before upgrading — confirm the fixed line while (*copyFrom && strchr(w_space, *copyFrom)) is present in src/FtpGateway.cc before declaring a build covered.
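The two squid.conf mitigations above, written out as an added example that is not from the Squid project or a vendor advisory. The "before" block assumes the stock Safe_ports layout; the client range and destination domain in the restricted variant are constructed placeholders.

```conf
# Before (assumed stock layout): port 21 is a Safe_port, so ftp:// requests
# reach the FTP gateway with no further configuration.
acl Safe_ports port 21          # ftp
http_access deny !Safe_ports

# After, option 1: remove FTP from Safe_ports entirely. Keep (or add, if
# absent) the deny rule; drop the port-21 line.
#acl Safe_ports port 21         # removed
http_access deny !Safe_ports

# After, option 2: FTP is operationally required. Limit which internal hosts
# may originate FTP and which external servers Squid will contact for it.
acl FTP proto FTP
acl ftp_clients src 10.10.5.0/24                 # constructed example range
acl ftp_allowed dstdomain .mirror.example.com    # constructed example host
http_access deny FTP !ftp_clients
http_access deny FTP !ftp_allowed
```

Squid evaluates http_access rules in order and stops at the first match, so the FTP deny lines must sit above any broad allow rule (such as an "allow localnet") or they never fire; reload with squid -k reconfigure and confirm with a test ftp:// request from a host outside ftp_clients that it is refused.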