Vulnerability 'Squidbleed' Endangers HTTP Requests

A recently discovered security vulnerability in the Squid web proxy, named 'Squidbleed', could have serious implications for the security of user data. The flaw allows clear HTTP requests, including sensitive information such as login credentials and session tokens, to be passed from one user to another. This discovery was published by researchers from the company Calif.io in June 2026.

The cause of the vulnerability lies in a heap overflow, which is due to a change in FTP parsing made back in 1997. Despite the long time span, the bug remains active in the default configuration of Squid. This means that many users who use the proxy without adjustments are potentially at risk.

Technical Details of the Vulnerability

The heap overflow occurs when the Squid proxy processes data sent by a user. If another user accesses the internet through the same proxy, they may be able to view the HTTP requests of the first user. This happens because the proxy does not properly separate the requests from different users, leading to information disclosure.

The researchers from Calif.io have thoroughly investigated the vulnerability and found that it has not been fixed in the default configuration of Squid. This means that many organizations using Squid as a proxy server are unknowingly exposed to significant risk. The disclosure of login credentials and session tokens can lead to unauthorized access to user accounts and other sensitive information.

Reactions and Recommendations

The discovery of 'Squidbleed' has raised concerns in the security community. Experts warn that the vulnerability poses a serious problem not only for individuals but also for businesses relying on Squid. The possibility of third parties accessing confidential information could have severe consequences for data security.

The researchers recommend that all Squid users review their configurations and make adjustments as necessary to protect themselves from this vulnerability. It is advised to install the latest security updates and prioritize the use of HTTPS to minimize risks. Detailed guidance on how to fix the vulnerability is expected from the developers of the Squid proxy in the near future.

The 'Squidbleed' vulnerability is another example of how old software vulnerabilities can continue to pose security risks even decades after their inception. The discovery highlights the need for regular security reviews and updates in software development. The researchers from Calif.io have already taken steps to inform the public about the risks and draw attention to the need for security measures.