What Squidbleed actually leaks

Squidbleed, tracked as CVE-2026-47729, is a heap buffer over-read in the FTP directory-listing parser of Squid, one of the most widely deployed web proxies on the internet. When Squid renders an FTP listing that is missing a filename, a whitespace-skipping loop runs one step too far and reads memory beyond the intended buffer. Because Squid recycles freed memory between requests, those stray bytes are often fragments of other users' traffic: cleartext HTTP requests carrying passwords, cookies, session tokens and API keys.

The exposure is narrower than Heartbleed but real. An attacker has to be an authorized user of a shared proxy and has to control an FTP server the proxy can reach on port 21, which points the risk at insiders and at any setup where the proxy terminates TLS. HTTPS traffic relayed as an opaque tunnel stays sealed, so the data at stake is the cleartext HTTP and TLS-terminated flows that still move through corporate proxies every day.

One line, twenty-nine years, and the AI that found it

The root cause is almost banal. The code called strchr on a string that could be empty, and the C standard says strchr treats the terminating null byte as part of the string, so the check that was meant to stop at the end of the input quietly continued past it. The offending pattern traces to a Squid commit from January 1997, which means the bug shipped in default configurations, port 21 sits in the default Safe_ports list, for twenty-nine years across countless releases, rewrites and security reviews. The fix is a single added condition, a null check before strchr, or turning FTP off entirely, which Chromium dropped years ago and almost no network still relies on.

The detail that should hold an operator's attention is who found it. Two researchers reported it independently, Pavel Kohout of Aisle Research in March 2026 and Lam Jun Rong of Calif.io in April, and the maintainers merged the fix within days, with the public advisory following on 23 June. But the original discovery came from an AI agent tasked with walking the FTP state machine, not from another human audit. The comfortable assumption that old, heavily reviewed code is safe by virtue of its age just failed a very public test, and the tool that broke it is now cheap and widely available.

What an operator should do this week

The concrete step is small: inventory every Squid instance you run, patch to a fixed release, and if you do not deliberately need FTP proxying, disable it and remove port 21 from Safe_ports. Prioritise any proxy that terminates TLS or carries cleartext HTTP for multiple users, because that is where colleagues' credentials can leak to each other. In the UK the National Cyber Security Centre treats credential exposure on shared infrastructure as a reportable class of incident, and across the EU the NIS2 regime puts the accountability for an unpatched, known flaw on named senior management rather than on the security team alone.

The larger move is to stop treating a dependency's age as evidence of its safety. A one-line bug hid for twenty-nine years in software that thousands of organisations trusted precisely because it was mature, and an AI reviewer found it in a single pass. Expect more of these dormant flaws to surface in your oldest and most trusted components, and budget for a steady stream of small, unglamorous patches rather than a single dramatic one.