Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data
Summary
Squidbleed is a memory leak vulnerability (a flaw where a program accidentally exposes data stored in computer memory) in Squid Proxy, a widely used caching tool that has existed since 1997. An attacker controlling an FTP server could trick Squid into reading beyond its allocated memory space and expose HTTP request data from other users on the same proxy, potentially revealing passwords and authentication tokens, especially in shared network environments like schools or offices. The vulnerability primarily affects unencrypted HTTP traffic and poses the biggest risk where multiple users share a single Squid instance.
Solution / Mitigation
A patch was merged into Squid version 8 in April 2026 and shipped in version 7.6 in June 2026. The risk can also be mitigated by disabling FTP support entirely if it is not needed.
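One way to check the FTP mitigation above against a deployed `squid.conf`, added here as an example and not taken from the source article or the Squid project. It assumes FTP is disabled by denying a `proto FTP` ACL in `http_access`; the ACL names and both sample configurations are constructed.

```python
# Constructed sample configs; ACL names are illustrative, not from the article.
WEAK_CONF = """\
acl localnet src 10.0.0.0/8
acl Safe_ports port 80 21 443
http_access deny !Safe_ports
http_access allow localnet
http_access deny all
"""

HARDENED_CONF = """\
acl localnet src 10.0.0.0/8
acl ftp_proto proto FTP
http_access deny ftp_proto
http_access allow localnet
http_access deny all
"""


def ftp_explicitly_denied(conf_text):
    """True if a rule denying all FTP requests precedes every allow rule.

    http_access is first-match-wins and the ACLs on one line are ANDed, so
    only a deny made up solely of FTP-protocol ACLs (or `all`) is guaranteed
    to catch every FTP request. Any earlier allow is treated as a possible
    match for FTP (conservative). `include` files are not followed.
    """
    ftp_acls = set()
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) < 2:
            continue
        if tokens[0] == "acl" and len(tokens) >= 4 and tokens[2] == "proto":
            if any(v.upper() == "FTP" for v in tokens[3:]):
                ftp_acls.add(tokens[1])
        elif tokens[0] == "http_access" and len(tokens) >= 3:
            action, names = tokens[1], tokens[2:]
            if action == "allow":
                return False  # an allow is reachable before any FTP deny
            if action == "deny" and all(n in ftp_acls or n == "all" for n in names):
                return True
    return False  # no explicit FTP deny found


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, "-> FTP denied first:", ftp_explicitly_denied(conf))
```

A `False` result means the file needs manual review, not that FTP is necessarily reachable, since the check deliberately ignores the other ACLs on each allow line.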
Original source: https://www.securityweek.com/decades-old-squid-proxy-flaw-squidbleed-can-expose-user-data/
First tracked: June 22, 2026 at 02:00 PM