Squidbleed: 29-year-old Squid FTP gateway leaks heap memory (CVE-2026-47729)

Squid project published SQUID-2026:4 on June 23 — a heap over-read in the FTP gateway that leaks raw memory to a malicious FTP server. Fix in Squid 7.6.

The Squid project published advisory SQUID-2026:4 / GHSA-8c37-pxjq-qwrg on June 23, 2026 for CVE-2026-47729 — a heap out-of-bounds read in the FTP gateway that leaks raw memory from unrelated transactions to a controlled FTP server. CVSS 6.5 (Moderate). Discovered by Pavel Kohout (Aisle Research), Lam Jun Rong (Calif.io), and Youssef Awad (CTF.ae). Fixed by Alex Rousskov (The Measurement Factory). Researchers branded the bug Squidbleed because of its Heartbleed-style cross-tenant memory disclosure.

A second advisory landed the same day — SQUID-2026:5 / GHSA-5vmx-9x64-9284 for CVE-2026-50012, a heap buffer overflow in cache_digest reply handling (CVSS 5.5). Both ship in the same release.

What's affected

Per the upstream advisory, all Squid versions before 7.6 are vulnerable in default builds:

  • Squid 3.x through 3.5.27
  • Squid 4.x through 4.17
  • Squid 5.x through 5.9
  • Squid 6.x through 6.14
  • Squid 7.x through 7.5

Fix: Squid 7.6.

The flaw lives in code that has been in the tree since commit bb97dd37a from January 18, 1997 — 29 years untouched. The upstream patch is a two-line null-check in src/clients/FtpGateway.cc (commit 865a131c).

The bug

Squid's FTP gateway parses LIST responses to render directory listings for clients. After the date field, the parser skips whitespace with a loop of the form strchr(w_space, *copyFrom). When the listing line ends abruptly after the timestamp, with no filename, copyFrom lands on the string's terminating NUL. strchr treats NUL as a member of every search set (it matches the terminator of w_space) and returns a pointer instead of NULL, so the loop steps past the end of the line instead of stopping there. xstrdup then copies whatever follows the buffer back to the requesting client as the "filename", including memory from prior, unrelated requests still in the heap.
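The strchr behaviour described above, as an added example that is not Squid's code: the whitespace-skipping loop in its vulnerable form beside the null-checked form, run over a constructed LIST line that ends after the timestamp, with simulated adjacent heap bytes in the same array. The w_space contents, the helper names and the sample bytes are assumptions.

```c
#include <stdio.h>
#include <string.h>

static const char w_space[] = " \t\r\n";   /* whitespace set, like Squid's w_space */

/* Vulnerable idiom. strchr(set, '\0') returns a pointer to the terminator of
 * `set` (the NUL counts as a match), so when the line ends right after the
 * timestamp the loop walks past the terminator into whatever bytes follow. */
static const char *skip_ws_vulnerable(const char *p)
{
    while (strchr(w_space, *p))
        ++p;
    return p;
}

/* Hardened idiom: check for the terminator before consulting strchr. */
static const char *skip_ws_fixed(const char *p)
{
    while (*p != '\0' && strchr(w_space, *p))
        ++p;
    return p;
}

/* Constructed buffer: a LIST line that stops after the timestamp, its NUL
 * terminator, then bytes standing in for an adjacent heap object from another
 * user's request. One array keeps this demo free of undefined behaviour. */
static const char listing[] =
    "-rw-r--r-- 1 ftp ftp 1024 Jun 23 10:00 \0"
    "Authorization: Bearer constructed-sample-token";
enum { TS_END = sizeof("-rw-r--r-- 1 ftp ftp 1024 Jun 23 10:00") - 1 }; /* trailing space */

/* What each idiom would hand to xstrdup as the "filename"; NULL means none. */
static const char *filename_vulnerable(void)
{
    return skip_ws_vulnerable(listing + TS_END);
}
static const char *filename_fixed(void)
{
    const char *p = skip_ws_fixed(listing + TS_END);
    return *p != '\0' ? p : NULL;   /* no filename: stop, copy nothing */
}

int main(void)
{
    const char *fixed = filename_fixed();
    printf("vulnerable idiom leaks: \"%s\"\n", filename_vulnerable());
    printf("fixed idiom yields:     %s\n", fixed ? fixed : "(no filename)");
    return 0;
}
```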

For a multi-tenant Squid (corporate proxy, school network, public Wi-Fi gateway), that "memory from prior requests" is HTTP Authorization headers, session cookies, API tokens, and request bodies of users sharing the proxy. HTTPS via CONNECT is opaque to Squid and stays safe; cleartext HTTP and TLS-terminating setups are the exposed surface.

Trigger requires only a trusted client (anyone allowed to fetch through the proxy) and an attacker-controlled FTP server the client can be coaxed to reach. A poisoned HTML page that loads ftp://attacker.tld/ resources is sufficient.

Exploitation status

No public reports of in-the-wild exploitation at time of writing. No public PoC has been published either, but the primitive — controlled FTP listing → cross-tenant heap dump — is straightforward enough that working exploit code is a question of when, not whether. Anyone running a shared Squid that serves cleartext HTTP should treat this as a hard deadline, not a "moderate".

Action checklist

  1. Upgrade to Squid 7.6 today if you maintain a multi-tenant or internet-reachable Squid. Both CVE-2026-47729 and CVE-2026-50012 ship in this release. Source tarballs are at www.squid-cache.org.
  2. Distro packagers: Debian/Ubuntu/RHEL backports typically lag upstream by days to weeks. Check your vendor's security tracker before assuming apt upgrade closes this — and apply the upstream patch manually if your repo is still on 6.x or earlier.
  3. If you can't patch immediately, disable FTP in squid.conf as the advisory recommends:
    # Placeholder allowlist: replace with the FTP servers you actually trust.
    acl ftp_allowlist dstdomain .example.com
    acl FTP proto FTP
    # Place this deny above your existing http_access allow rules; Squid stops at the first match.
    http_access deny FTP !ftp_allowlist
    
    Restricting FTP to a small allowlist of known-clean servers removes the attacker-controlled-server precondition.
  4. For CVE-2026-50012 (cache_digest): audit cache_peer configurations. Add no-digest to any peer you don't fully control; the cache-digest path only triggers on builds compiled with --enable-cache-digests receiving replies from a trusted-but-malicious peer.
  5. If your Squid terminates TLS (the https_port decrypting forward-proxy pattern common in enterprise web filtering), assume any user request routed through the proxy in the last week is potentially exposed in memory dumps. Rotate any tokens or cookies that may have transited the proxy before the upgrade.
  6. Hunt for outbound FTP from your Squid hosts to unexpected IPs as a soft IoC. Inbound exploitation requires Squid to reach an attacker-controlled server; egress NetFlow that shows new FTP connections in the days before this disclosure is worth a closer look.

Context

Squidbleed is the second multi-year-old proxy parser bug to surface in 2026 with cross-tenant data-leak consequences, after the spring round of nginx HTTP/3 fixes. Long-stable C parsers shipped before bounds-checking discipline became table-stakes remain a productive surface for memory-disclosure auditing — and AI-assisted code review is making that audit considerably cheaper to run at scale.

A coda on the version question: there was brief public confusion about whether the patch ships in 7.6 or 7.7. The Squid project's GitHub Security Advisory GHSA-8c37-pxjq-qwrg — the authoritative upstream channel — states 7.6. Operators running anything earlier than 7.6 should treat themselves as vulnerable regardless of which oss-sec follow-up they read.