securityaffairs.com 6/23/2026, 8:33:00 AM · external

Squidbleed flaw leaks user data via memory leak in proxy

Squid proxy vulnerabilities (CVE-2026-47729, CVE-2026-50012) patched
CyberSIXT Evidence Panel
Primary Source: blog.calif.io
CISA KEV: Not in KEV
Patch: Patch Status Unknown

A newly discovered vulnerability in the Squid proxy, named 'Squidbleed', allows attackers to leak user credentials and sensitive data through a memory leak flaw that has been present since 1997. The issue, tracked as CVE-2026-47729, stems from improper handling of memory when no filename is provided after modification timestamps, which causes Squid to read past memory boundaries. The vulnerability affects environments that use Squid in public and corporate networks, where cleartext HTTP traffic may expose sensitive information.

A patch was released, but disabling FTP support can immediately mitigate the risk. Researchers utilized AI tools to identify the flaw quickly.
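Before turning off FTP support as a mitigation, it helps to know which clients still fetch `ftp://` URLs through the proxy. The following is an added example, not code from the original article or from the Squid project; it assumes Squid's default native `access.log` layout, and the log lines, addresses and function names are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout (assumption):
# time elapsed client action/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1750667580.123    245 10.0.0.15 TCP_MISS/200 1532 GET ftp://ftp.example.org/pub/ - HIER_DIRECT/192.0.2.10 text/html
1750667581.456     12 10.0.0.22 TCP_HIT/200 8841 GET http://www.example.com/index.html - HIER_NONE/- text/html
1750667590.001    310 10.0.0.15 TCP_MISS/200 20480 GET ftp://ftp.example.org/pub/tool.tar.gz - HIER_DIRECT/192.0.2.10 application/gzip
1750667593.777      1 10.0.0.31 TCP_DENIED/403 3921 GET ftp://files.example.net/ - HIER_NONE/- text/html
1750667599.250     40 10.0.0.22 TCP_TUNNEL/200 5120 CONNECT www.example.com:443 - HIER_DIRECT/198.51.100.7 -
truncated line
"""


def ftp_requests(log_text):
    """Yield (client, action/status, host) for each request with an ftp:// URL."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:          # skip truncated or malformed lines
            continue
        client, status, url = fields[2], fields[3], fields[6]
        try:
            parts = urlsplit(url)
        except ValueError:           # unparsable URL field
            continue
        if parts.scheme.lower() == "ftp":
            yield client, status, parts.hostname


def summarize(log_text):
    """Count FTP requests per (client, host), split into served and denied."""
    served, denied = Counter(), Counter()
    for client, status, host in ftp_requests(log_text):
        bucket = denied if status.startswith("TCP_DENIED") else served
        bucket[(client, host)] += 1
    return served, denied


if __name__ == "__main__":
    served, denied = summarize(SAMPLE_LOG)
    for (client, host), n in served.most_common():
        print(f"served  {client} -> {host}: {n}")
    for (client, host), n in denied.most_common():
        print(f"denied  {client} -> {host}: {n}")
```

Clients in the served list are the ones that would be affected by disabling FTP; once the mitigation is in place, new FTP requests should appear only in the denied list.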


Article by CyberSIXT
