At a glance: A nearly 30-year-old vulnerability in the Squid proxy allows authenticated users to read the HTTP requests and credentials of other users.
A heap-over-read vulnerability in the web proxy Squid enables authenticated users to read unencrypted HTTP requests of other proxy users – including credentials and session tokens. The vulnerability stems from an FTP parser change from 1997 and persists in the default configuration to this day.
A heap-over-read in Squid allows an attacker who already has access to a Squid proxy to extract the unencrypted HTTP request of another user. This exposes sensitive data such as login credentials or session tokens when they are transmitted in plaintext.
The root of the vulnerability lies in a change to the FTP parsing code from 1997, which has not been corrected to date. The error is active in Squid’s default configuration and is not covered by predefined security measures.
Researchers from Calif.io documented the vulnerability in June 2026 and named it Squidbleed. For a CISO, this means that every user granted access to the proxy service can potentially read colleagues' requests, which is particularly critical if HTTP (without TLS encryption) is used for internal services. Operators of Squid installations should review which users have direct proxy access and whether sensitive data is transmitted only over encrypted channels.
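The review recommended above can start from the proxy's own logs. The following is an added example, not code from the source article or the Squid project: it parses constructed lines in Squid's native access.log layout and reports which users authenticate to the proxy and which hosts receive cleartext http:// requests. The host names and user names are made up, and CONNECT tunnels are assumed to carry TLS.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1750579200.123     45 10.0.0.5 TCP_MISS/200 1520 GET http://intranet.example/login alice HIER_DIRECT/10.0.1.10 text/html
1750579201.456    120 10.0.0.6 TCP_TUNNEL/200 5320 CONNECT mail.example:443 bob HIER_DIRECT/10.0.1.20 -
1750579202.789     30 10.0.0.7 TCP_MISS/200 800 POST http://wiki.example/api/session carol HIER_DIRECT/10.0.1.30 application/json
1750579203.001     12 10.0.0.5 TCP_MISS/200 640 GET http://INTRANET.example/home alice HIER_DIRECT/10.0.1.10 text/html
garbled line
"""


def audit_proxy_log(log_text):
    """Return (users, plaintext).

    users     -- set of authenticated user names seen in the log
    plaintext -- dict mapping host -> set of users who sent it cleartext HTTP
    """
    users = set()
    plaintext = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue  # skip truncated lines or lines in another logformat
        method, url, user = fields[5], fields[6], fields[7]
        if user != "-":
            users.add(user)
        # Assumption: CONNECT tunnels carry TLS, so only http:// requests
        # are readable in cleartext inside the proxy process.
        if method != "CONNECT" and url.lower().startswith("http://"):
            host = urlsplit(url).hostname or url  # hostname is lowercased
            plaintext[host].add(user if user != "-" else "(unauthenticated)")
    return users, dict(plaintext)


if __name__ == "__main__":
    users, plaintext = audit_proxy_log(SAMPLE_LOG)
    print("Users with proxy access:", ", ".join(sorted(users)))
    for host, senders in sorted(plaintext.items()):
        print(f"Cleartext HTTP to {host}: {', '.join(sorted(senders))}")
```

Hosts that appear in the cleartext list are the candidates for moving to TLS, and the user list is the population to review for direct proxy access.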
Source: thehackernews.com · Published June 22, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.