A one-line bug that survived 29 years of releases, audits and rewrites in Squid — one of the internet's most widely deployed proxy servers — has been patched after three independent rediscoveries in the span of three months, including one guided by an AI model reading the code.
The bug
Squidbleed (CVE-2026-47729) is a heap buffer over-read in Squid's FTP directory-listing parser, in compatibility code for NetWare FTP servers dating to a January 18, 1997 commit. The root cause is a classic C footgun: strchr() searching for the null terminator returns a pointer to the terminator itself rather than NULL, so a whitespace-skipping loop walks past the end of the string into adjacent heap memory. Rated CVSS 7.5, it affects every version of Squid in its default configuration — FTP support is on by default and port 21 sits in the default Safe_ports ACL.
Who's exposed
An attacker who controls an FTP server reachable through a shared Squid proxy can leak fragments of other users' traffic — with cleartext HTTP requests, and the passwords, cookies and API keys inside them, as the prize. HTTPS traffic relayed as opaque CONNECT tunnels is not readable, which limits exposure to cleartext HTTP and TLS-terminating configurations — still a meaningful population across corporate networks and ISPs running shared proxies.
How it was found
Pavel Kohout of Aisle Research reported the bug first on March 4, 2026. On April 17, Lam Jun Rong of Calif.io reported it independently — after pointing Anthropic's Claude Mythos at Squid's FTP state machine under Project Glasswing, Anthropic's program for vetted critical-infrastructure defenders. Calif says the model caught the quirk almost at once, noting that "strchr(w_space, '\0') returns non-NULL per C11 §7.24.5.2." A third report, from Youssef Awad, followed on May 7. The fix — a two-line null check — was merged in April, shipped in Squid 7.6 on June 8, and covered by an official advisory on June 23.
The fix and the lesson
Beyond patching, Calif's recommendation is blunt: turn FTP off. Chromium-based browsers dropped FTP years ago, and most networks carry almost none of it. The episode echoes recent AI-assisted finds in FFmpeg and elsewhere — buried parser bugs in legacy protocol code, invisible to humans for decades, surfacing in months once AI joins the audit.
