Loading
Generated remediation guidance and an executive summary. No account required.
Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. This bug is fixed in Squid version 7.5.
Cite this page
CVE-2026-32748. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2026-32748
Use CWE-413, Squid-Cache vendor hub and Squid product page to widen CVE-2026-32748 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-62168, CVE-2025-54574 and CVE-2026-33526 for nearby disclosures in the same product family.