Squidbleed leaks plaintext HTTP since 1997, fixed June 8 in Squid v7.6
A Heartbleed-style memory bug in Squid’s FTP parser let attackers overread memory and steal creds and tokens for decades.

Security researcher Lam Jun Rong (Calif.io) reported a long-undetected “Squidbleed” vulnerability in Squid, a widely used open-source caching proxy, tracked as CVE-2026-47729, to maintainers in April. The flaw was fixed earlier this month and is addressed in Squid v7.6, released June 8.
Here’s the part that should make every network and security leader sit up: “Squidbleed” is a memory-disclosure bug in Squid that can silently expose plaintext HTTP requests, potentially including passwords and API keys, and it has been present for decades. The bug was introduced into the open-source code in 1997, and it wasn’t reliably detected until a security researcher recently dug it up with help from Anthropic’s Claude Mythos Preview.
The fix is now real and time-stamped. Rong reported the issue as CVE-2026-47729 to Squid maintainers back in April, and the project shipped the fix in Squid v7.6, released June 8. If your organization still runs older Squid, you need to treat this like a “get it updated today” item, not a “schedule it for next quarter” item.
To understand why this lingered, you have to look at how Squid is used and how the bug triggers. Squid is widely deployed by large corporations, schools, and internet service providers to cache, filter, and monitor network traffic. The vulnerability can leak internal memory from every version of Squid in its default configuration, but only when two specific conditions are met. First, Squid must be in a position to read and inspect cleartext HTTP traffic (meaning HTTP, not HTTPS) or deployed in a TLS-terminating setup. Second, Squid must be able to reach an attacker-controlled FTP server on TCP port 21.
FTP is old. The protocol for moving files between machines has largely been retired by mainstream browsers, and Chromium-based browsers stopped supporting it years ago. That matters because it changes the practical exposure curve. Rong’s write-up argues that most organizations running Squid are getting close to zero legitimate FTP traffic, which means disabling FTP can remove the entire attack surface for free. In other words, the vulnerability’s reach may be narrower in the real world than the code’s age suggests, but the narrowness is exactly why it stayed under the radar.
So what actually breaks? Rong traced the problem to Squid’s FTP directory listing parser, specifically a corner case tied to how strings are scanned in memory. The issue was introduced by a commit from 1997, bb97dd37a, written to support old NetWare servers. NetWare FTP servers added extra whitespace between the modification timestamp and the filename. The 1997 change instructed the parser to skip extra whitespace using a loop:

    while (strchr(w_space, *copyFrom)) ++copyFrom;

In the Mythos Preview analysis, the exploit scenario is straightforward: if an attacker-controlled FTP server does not provide a filename after the modification timestamp, copyFrom ends up pointing at the terminating NUL character at the end of the string.
That’s where the “Heartbleed-like” part earns its billing. Rong explains that strchr treats the terminating NUL as part of the string it searches, so it returns a pointer instead of NULL. The loop then never stops, walking off the end of the buffer. From there, xstrdup copies whatever follows back to the attacker as a “filename,” creating a heap overread. If Squid was also handling plaintext HTTP requests at the time, the overread can include sensitive data like credentials and session tokens. Rong demonstrated this behavior in a proof of concept.
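To make the strchr quirk concrete, here is an added C example; it is not Squid's code and not from Rong's write-up. It places the article's whitespace-skipping loop next to a hardened version that tests for the terminator first, and runs both over a constructed listing line whose filename is missing. The contents of w_space, the listing line and the "neighbouring" bytes (a made-up HTTP request line) are assumptions; they sit in one array so that the over-read stays well-defined for the demonstration, whereas in a real process the bytes after the terminator belong to other heap objects.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Whitespace set. Squid has its own w_space string; its exact contents are
 * assumed here, since only the NUL handling matters for the bug. */
static const char *w_space = " \t\r\n";

/* Returns 1 when strchr counts the terminating NUL as a member of w_space.
 * That is standard C behaviour, and it is what makes the 1997 loop unsafe. */
int strchr_matches_nul(void)
{
    return strchr(w_space, '\0') != NULL;
}

/* The loop quoted in the article: advances while the byte is in w_space.
 * Because strchr also matches '\0', it steps over the terminator and keeps
 * reading whatever bytes follow the string. */
static const char *skip_ws_unsafe(const char *p)
{
    while (strchr(w_space, *p))
        ++p;
    return p;
}

/* Hardened form: check for the terminator before consulting strchr. */
static const char *skip_ws_safe(const char *p)
{
    while (*p != '\0' && strchr(w_space, *p))
        ++p;
    return p;
}

/* Stand-in for xstrdup: heap copy of a C string. */
static char *dup_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *out = malloc(n);
    if (out)
        memcpy(out, s, n);
    return out;
}

/* Heap copy of the filename following the timestamp (after_ts points just
 * past it), or NULL when the line ends without a filename. */
char *filename_after_timestamp(const char *after_ts, int hardened)
{
    const char *name = hardened ? skip_ws_safe(after_ts)
                                : skip_ws_unsafe(after_ts);
    if (*name == '\0')
        return NULL;            /* reject an empty filename */
    return dup_string(name);
}

/* Constructed data: a listing line with no filename, followed in the same
 * array by bytes standing in for an adjacent allocation. */
#define LISTING_LINE "-rw-r--r-- 1 ftp ftp 0 Jan 01 12:00   "
#define NEIGHBOUR    "GET /internal/report?token=EXAMPLE HTTP/1.1"

static char arena[128];

static const char *build_arena(void)
{
    memset(arena, 0, sizeof arena);
    memcpy(arena, LISTING_LINE, sizeof LISTING_LINE);   /* copies the NUL too */
    memcpy(arena + sizeof LISTING_LINE, NEIGHBOUR, sizeof NEIGHBOUR);
    return arena;
}

/* Runs one parser variant over the arena and returns its "filename". */
char *parse_arena(int hardened)
{
    const char *line = build_arena();
    const char *after_ts = strstr(line, "12:00") + strlen("12:00");
    return filename_after_timestamp(after_ts, hardened);
}

/* 1 if the original loop hands back the neighbouring bytes as the filename. */
int unsafe_variant_leaks_neighbour(void)
{
    char *name = parse_arena(0);
    int leaked = name != NULL && strcmp(name, NEIGHBOUR) == 0;
    free(name);
    return leaked;
}

/* 1 if the hardened loop stops at the terminator and rejects the line. */
int hardened_variant_rejects_line(void)
{
    char *name = parse_arena(1);
    int rejected = name == NULL;
    free(name);
    return rejected;
}

int main(void)
{
    printf("strchr matches NUL: %d\n", strchr_matches_nul());
    printf("original loop leaks neighbour: %d\n", unsafe_variant_leaks_neighbour());
    printf("hardened loop rejects line: %d\n", hardened_variant_rejects_line());
    return 0;
}
```

The one-character difference between the two loops is the whole story: the original asks strchr whether the current byte is whitespace and gets "yes" for the terminator, so a missing filename turns into a walk past the end of the string and a copy of whatever comes next. Any parser that uses strchr against a fixed character set as a loop condition deserves the same check.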
For executives, the second-order question is not “is this scary?” It’s “how fast can we reduce blast radius while we patch?” This flaw is fixable in code, but operationally, your exposure depends on your traffic mix (HTTP vs HTTPS or TLS-terminating setups) and your FTP behavior. If you cannot instantly upgrade, turning off FTP in Squid is a high-leverage mitigation because Rong notes that disabling FTP removes the entire attack surface. That is the kind of clean control that tends to matter to boards because it’s simple to understand, and it limits escalation risk while engineering catches up.
Also, there is a broader signal here about how vulnerabilities get found now. Rong worked with Anthropic’s Claude Mythos Preview to investigate the bug, and Rong’s research is connected to earlier work that involved OpenAI’s Codex agent. The Reg notes that OpenAI also collaborated with the AI bug-finding firm on its Patch the Planet initiative, announced on Monday. You do not need to buy into the hype to see the pattern: AI-assisted discovery is accelerating what human-only teams miss, especially in deep legacy codepaths like parsers added for discontinued platforms.
The strategic stakes are clear for every security and infrastructure leader who relies on proxies, caching, or inspection. Squid sits in the middle of network traffic, and memory bugs in middlebox software do not just create crashes. They can turn ordinary browsing into a quiet data spill. With CVE-2026-47729 now fixed in Squid v7.6 (June 8), the job is to make sure your environment is not one of the nearly-10-year-old Squid versions a researcher found still deployed while attempting to connect on a flight. Patch quickly, disable FTP unless there is a specific unusual need, and treat memory overreads as credential-exposure events waiting to happen.