top of page
perceptive_background_267k.jpg

Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is…

Published:

25 March 2026 at 23:00:00

Alert date:

26 March 2026 at 21:02:16

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Web Technologies

Squid caching proxy versions prior to 7.5 contain a use-after-free vulnerability in ICP traffic handling that allows remote attackers to perform reliable denial of service attacks. The vulnerability stems from premature resource release during expected lifetime and heap use-after-free bugs. The attack specifically targets Squid deployments with ICP support enabled (non-zero icp_port configuration). Standard mitigation through icp_access rules is ineffective against this vulnerability. The issue has been resolved in Squid version 7.5.

Technical details

Mitigation steps:

Affected products:

Squid

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-32748
https://github.com/squid-cache/squid/commit/703e07d25ca6fa11f52d20bf0bb879e22ab7481b
https://github.com/squid-cache/squid/security/advisories/GHSA-f9p7-3jqg-hhvq
http://www.openwall.com/lists/oss-security/2026/03/25/3

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page