High

Squid Denial of Service via crafted ICP traffic

IdentifiersCVE-2026-32748CWE-416· Use After Free

CVE-2026-32748 is a denial-of-service vulnerability in Squid's handling of ICP (Internet Cache Protocol) traffic. In Squid versions prior to 7.5, premature release of a resource during its expected lifetime leads to heap use-after-free conditions while processing ICP requests. A remote attacker can send crafted ICP traffic to trigger the flaw and reliably, repeatedly crash or otherwise disrupt the Squid service. The issue is limited to deployments that explicitly enable ICP support via a non-zero icp_port. Advisory material notes that affected release lines include Squid 3.x through 7.4.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows a remote, unauthenticated attacker to cause a reliable and repeatable denial of service against the Squid proxy service over the network using ICP traffic. The documented impact is loss of availability of the Squid service. Although an oss-security discussion noted that heap use-after-free bugs can sometimes have broader consequences, the provided advisory content specifically characterizes this issue as denial of service.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, disable ICP support. Squid's advisory recommends not enabling ICP and explicitly setting icp_port 0 as a workaround. icp_access rules are not an effective mitigation for this issue; denying ICP queries with icp_access does not prevent exploitation. Administrators can verify whether ICP is enabled by checking for a non-zero ICP-related port in the active configuration.

Remediation

Patch, then assume compromise.

Upgrade Squid to version 7.5 or later, which contains the fix for this vulnerability. For environments using vendor-packaged builds, obtain and apply the vendor-provided update that incorporates the upstream fix. The provided references also identify a fixing change in Squid commit 703e07d25ca6fa11f52d20bf0bb879e22ab7481b for the Squid 7 branch.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

Squid-CacheSquidapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

14 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

14 SOURCESView more in app

cvefeed high severityNews

Mar 26, 2026

CVE-2026-32748 - Squid has Denial of Service in ICP Response handling

A denial-of-service vulnerability in Squid caused by premature resource release and heap use-after-free issues when handling ICP traffic; it affects deployments with ICP support enabled.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity10