PT-2026-28159 · Squid+4 · Squid+5

Published: 2026-01-01 · Updated: 2026-05-08 · CVE-2026-32748

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Name of the Vulnerable Software and Affected Versions
Squid versions prior to 7.5

Description
Squid is a caching proxy for the Web. Versions prior to 7.5 are susceptible to a Denial of Service when handling ICP traffic due to premature resource release and heap Use-After-Free bugs. A remote attacker can perform a reliable and repeatable Denial of Service attack against the Squid service using the ICP protocol. This attack is limited to deployments that explicitly enable ICP support by configuring a non-zero icp_port. Denying ICP queries using icp_access rules does not mitigate this issue.

Recommendations
Update to version 7.5 or later.
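
A triage check for the exposure conditions described above, added here as an example and not taken from the Squid project or this advisory. It assumes squid.conf text and `squid -v` output are supplied as strings, that an absent icp_port means ICP is disabled, and that a later icp_port line overrides an earlier one; the sample inputs are constructed.

```python
import re

FIXED = (7, 5)  # first fixed upstream release named in the advisory

def directives(conf_text, name):
    """Yield the argument list of every `name` line, ignoring comments."""
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if parts and parts[0] == name:
            yield parts[1:]

def effective_icp_port(conf_text):
    port = 0  # assumption: ICP is disabled when icp_port is absent
    for args in directives(conf_text, "icp_port"):
        if args and args[0].isdigit():
            port = int(args[0])  # assumption: a later line overrides an earlier one
    return port

def triage(conf_text, version_output):
    m = re.search(r"Version (\d+)\.(\d+)", version_output)
    version = (int(m.group(1)), int(m.group(2))) if m else None
    port = effective_icp_port(conf_text)
    deny = [a for a in directives(conf_text, "icp_access") if a[:1] == ["deny"]]
    if port == 0:
        status = "icp-disabled"
    elif version is not None and version >= FIXED:
        status = "fixed-version"
    else:
        status = "exposed"  # an unparseable version is treated as exposed
    return {"status": status, "icp_port": port, "version": version,
            # icp_access deny rules are present but, per the advisory, do not help
            "icp_access_deny_not_a_mitigation": status == "exposed" and bool(deny)}

# Constructed sample inputs
SAMPLE_CONF = """\
http_port 3128
icp_port 3130        # ICP enabled
icp_access deny all  # does not mitigate this issue
"""
SAMPLE_VERSION = "Squid Cache: Version 6.13\n"

if __name__ == "__main__":
    print(triage(SAMPLE_CONF, SAMPLE_VERSION))
```

The version comparison covers upstream releases only; a distribution package may carry the fix under an older version number, so confirm against the vendor advisories listed under Related Identifiers.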

Exploit

Fix

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2026:6301
ALSA-2026:8119
ALSA-2026:8317
BDU:2026-07191
CVE-2026-32748
GHSA-F9P7-3JQG-HHVQ
MGASA-2026-0094
RHSA-2026:10255
RHSA-2026:10256
RHSA-2026:10257
RHSA-2026:11901
RHSA-2026:6301
RHSA-2026:8119
RHSA-2026:8317
RHSA-2026:8880
RHSA-2026:9220
USN-8157-1

Affected Products

Linuxmint
Red Os
Rocky Linux
Squid
Squid Cache
Ubuntu