CVE-2026-32748
Squid has Denial of Service in ICP Response handling
CVSS Score
0.0
EPSS Score
1.8%
EPSS Percentile
83th
Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. This bug is fixed in Squid version 7.5.
| CWE | CWE-413 CWE-416 CWE-826 |
| Vendor | squid-cache |
| Product | squid |
| Published | Mar 26, 2026 |
| Last Updated | Mar 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for squid-cache squid
Be the first to know when new unknown vulnerabilities affecting squid-cache squid are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
squid-cache / squid
< 7.5