
CVE-2026-33526

Published 26/03/2026 01:16 · Modified 26/03/2026 15:13

Labels: CVE-2026-33526, 2026-03-26, CWE-416, [email protected]

Essential information

Published: 26/03/2026 01:16
Modified: 26/03/2026 15:13
Author
Creator
CVSS: 9.2 CRITICAL (v3), 9.2 CRITICAL (v4.0)
CISA KEV: No
CWE
CVSS vector

CVSS metrics

Description

Squid is a caching proxy for the Web. Prior to version 7.5, a heap use-after-free makes Squid vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using the ICP protocol. The attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure a non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.

NVD status

Status: Undergoing Analysis. The CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product: squid / squid
CPE: cpe:2.3:a:squid:squid:<7.5:*:*:*:*:*:*:*

References