THE page details the critical Squidbleed vulnerability (CVE-2026-47729) affecting the Squid web proxy, which exposes user HTTP requests, including sensitive data like passwords and session tokens. Discovered by Calif.io, this issue has existed since 1997 and is significant for shared network environments where many users may be affected. The vulnerability arises from a flaw in Squid's FTP directory-listing parser, which can leak data when a specific exploit is used.
A fix has been implemented in later Squid versions, but affected users should also consider disabling FTP support to mitigate risks. The issue has a moderate CVSS score of 6.5.