
Squidbleed (CVE-2026-47729): 29-Year-Old Squid Proxy Vulnerability Leaks User Credentials via Heap Over-Read

By HackMoN Ai

2h ago · 8 min read · en · News

Summary

A critical vulnerability called Squidbleed (CVE-2026-47729) has been discovered in the Squid web proxy, stemming from a parser bug introduced in 1997. This Heartbleed-style heap over-read vulnerability affects default Squid configurations used in corporate networks, schools, and public Wi-Fi hotspots. It allows attackers with shared proxy access to leak other users' cleartext HTTP requests, including passwords, session tokens, and API keys, turning trusted proxy users into potential data siphoners.

Source

bsky · Squidbleed (CVE-2026-47729): 29-Year-Old Squid Proxy Vulnerability Leaks User Credentials via Heap Over-Read · undercodetesting.com

Key quotes

A parser bug introduced in 1997 is still haunting the widely deployed Squid web proxy, enabling attackers with shared proxy access to leak another user's cleartext HTTP requests—including passwords, session tokens, and API keys.
Dubbed Squidbleed (CVE-2026-47729), this Heartbleed-style heap over-read vulnerability affects default Squid configurations across corporate networks, schools, and public Wi-Fi hotspots, turning trusted proxy users into potential data siphoners.
Snippet from the RSS feed
Squidbleed: The 29-Year-Old Proxy Vulnerability That’s Leaking Your Credentials Right Now + Video - "Undercode Testing": Monitor hackers like a pro. Get
