QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-32748

Back to search

CVE-2026-32748

Published: Mar 26, 2026

Modified: Mar 26, 2026

PUBLISHED

Description

Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. This bug is fixed in Squid version 7.5.

VendorProductVersions

squid-cache

squid

affected
< 7.5

Weaknesses (CWE)

CWE-413
CWE-416
CWE-826

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now