Unrated severityNVD Advisory· Published Mar 26, 2026· Updated Mar 26, 2026

Squid has issues in ICP message handling

CVE-2026-33515

Description

Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero icp_port). This problem cannot be mitigated by denying ICP queries using icp_access rules. Version 7.5 contains a patch.

Affected products

Squid Cache/Squidllm-fuzzy2 versions
<7.5+ 1 more
- (no CPE)range: <7.5
- (no CPE)range: < 7.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/squid-cache/squid/commit/8138e909d2058d4401e0ad49b583afaec912b165mitrex_refsource_MISC
github.com/squid-cache/squid/pull/2220mitrex_refsource_MISC
github.com/squid-cache/squid/pull/2220mitrex_refsource_MISC
github.com/squid-cache/squid/security/advisories/GHSA-84p4-hcx7-jj7cmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000