Skip to main content
Mallory
Back to vulnerabilities
Unrated

Heap-based Buffer Overflow in Squid cache_digest reply handling

IdentifiersCVE-2026-50012CWE-20

CVE-2026-50012 is an improper input validation vulnerability in Squid that affects cache digest processing. When Squid sends cache_digest request messages, a trusted peer/server can respond with maliciously crafted replies that trigger a heap-based buffer overflow in the receiving Squid instance. The issue is specifically described as a heap-based buffer overflow caused by insufficient validation of input associated with cache_digest replies. The vulnerability is limited to Squid builds compiled with the --enable-cache-digests option. Public reporting indicates the issue was fixed in Squid 7.6, with an associated patch published in the squid-cache repository as commit 19fcfe922717c8b255270c032dcde4071c003bcd.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can corrupt heap memory in the Squid process, leading to process instability or a crash and resulting in denial of service for the proxy. Because this is a heap-based buffer overflow in network-reachable message handling, exploitation may also create conditions for arbitrary code execution in the context of the Squid process, although the provided sources describe that outcome as potential rather than confirmed.

Mitigation

If you can’t patch tonight, do this now.

If immediate upgrade is not possible, reduce exposure by disabling or avoiding cache digest functionality and rebuilding Squid without the --enable-cache-digests option, since the vulnerability is limited to such builds. Limit trust relationships and network reachability to peer or upstream servers that can send cache_digest replies, allowing only explicitly trusted systems. Monitor Squid for crashes or anomalous behavior associated with digest exchanges until remediation is complete.

Remediation

Patch, then assume compromise.

Upgrade Squid to version 7.6 or later, which contains the fix for CVE-2026-50012. Where change control requires patch review, apply the upstream fix associated with squid-cache commit 19fcfe922717c8b255270c032dcde4071c003bcd. Ensure all deployed Squid instances, especially peering or digest-enabled builds, are updated consistently.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

ACTIVITY FEED

Recent activity

7 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

7 SOURCESView more in app
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity6

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-50012
NVD
nvd.nist.gov/vuln/detail/CVE-2026-50012
MITRE CWE · CWE-20
cwe.mitre.org