Use After Free in Squid-cache Squid

CVE-2026-33526

Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial o…

Vulnerability class: Use-After-Free

EPSS: 0.014 (80.7th percentile) — read the EPSS interpretation.

Affected products

Squid-cache Squid — versions < 7.5

Weakness classification (CWE)

References

https://github.com/squid-cache/squid/security/advisories/GHSA-hpfx-h48q-gvwg (x_refsource_CONFIRM)
https://github.com/squid-cache/squid/commit/8a7d42f9d44befb8fcbbb619505587c8de6a1e91 (x_refsource_MISC)