A 29-year-old heap over-read vulnerability in the Squid web proxy, dubbed ‘Squidbleed’, allows any user already permitted to send traffic through a shared proxy to read another user’s cleartext HTTP requests, including credentials and session tokens. The flaw originates from a 1997 FTP-parsing change and remains exploitable in Squid’s default configuration today. Exposure is broad given Squid’s widespread use as a forward proxy in enterprise and cloud environments.

Security Architect’s Take: Audit all environments running Squid as a shared forward proxy — particularly where multiple tenants or workloads share the same proxy instance — and apply vendor patches or mitigations immediately; if no patch is yet available, consider restricting Squid to single-tenant deployments or replacing it with an alternative until a fix is confirmed.

Original advisory: 29-Year-Old Squid Proxy Bug ‘Squidbleed’ Can Leak Cleartext HTTP Requests