Two high-severity Denial of Service vulnerabilities (CVE-2026-32748 and CVE-2026-33526, CVSS 7.5) in Squid affect versions prior to 7.5, triggered by crafted ICP traffic including a heap use-after-free condition. The fixed version is Squid 7.5. Red Hat has released patched packages for its supported Enterprise Linux 9.6 EUS distributions.
Red Hat Product Errata RHSA-2026:9220 - Security Advisory Issued: 2026-04-21 Updated: 2026-04-21 RHSA-2026:9220 - Security Advisory Overview Updated Packages Synopsis Important: squid security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for squid is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fix(es): squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling (CVE-2026-33526) Squid: Squid: Denial of Service via crafted ICP traffic (CVE-2026-32748) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2451574 - CVE-2026-33526 squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling BZ - 2451577 - CVE-2026-32748 Squid: Squid: Denial of Service via crafted ICP traffic CVEs CVE-2026-32748 CVE-2026-33526 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM squid-5.5-19.el9_6.3.src.rpm SHA-256: 0dd2a8ae5683dee7fa9e111dea7c93fc8596905608fcf710e1744176946677b7 x86_64 squid-5.5-19.el9_6.3.x86_64.rpm SHA-256: 032dbaad378f770c8750a713f49388bd79bd74d46ba4927e08b1f4332926b163 squid-debuginfo-5.5-19.el9_6.3.x86_64.rpm SHA-256: 419b3acbbc7804312fbc1c3b14c28df87e98e44fd40a52d9247e907e8af73334 squid-debugsource-5.5-19.el9_6.3.x86_64.rpm SHA-256: 6dd87104f46bb9ec605bfd56a1d2e686a2e2a9457074165eeed8fe8c2adec351 Red Hat Enterprise Linux Server - AUS 9.6 SRPM squid-5.5-19.el9_6.3.src.rpm SHA-256: 0dd2a8ae5683dee7fa9e111dea7c93fc8596905608fcf710e1744176946677b7 x86_64 squid-5.5-19.el9_6.3.x86_64.rpm SHA-256: 032dbaad378f770c8750a713f49388bd79bd74d46ba4927e08b1f4332926b163 squid-debuginfo-5.5-19.el9_6.3.x86_64.rpm SHA-256: 419b3acbbc7804312fbc1c3b14c28df87e98e44fd40a52d9247e907e8af73334 squid-debugsource-5.5-19.el9_6.3.x86_64.rpm SHA-256: 6dd87104f46bb9ec605bfd56a1d2e686a2e2a9457074165eeed8fe8c2adec351 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM squid-5.5-19.el9_6.3.src.rpm SHA-256: 0dd2a8ae5683dee7fa9e111dea7c93fc8596905608fcf710e1744176946677b7 s390x squid-5.5-19.el9_6.3.s390x.rpm SHA-256: 4e4ac33fdda4fdc14e6a232a5d0530f643a6220d2ccc784c8068388ee0d4cba0 squid-debuginfo-5.5-19.el9_6.3.s390x.rpm SHA-256: ac8208c35e05c6715f129f2b68226f12388ecad40a2c4c7c3fc2431a99b589c0 squid-debugsource-5.5-19.el9_6.3.s390x.rpm SHA-256: 1cf162aa20abc2b9befb6c8759d9d8f50eccd2163735e521f6d12093f1829dfa Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 SRPM squid-5.5-19.el9_6.3.src.rpm SHA-256: 0dd2a8ae5683dee7fa9e111dea7c93fc8596905608fcf710e1744176946677b7 ppc64le squid-5.5-19.el9_6.3.ppc64le.rpm SHA-256: 6cb4c7e1e480f347f5db069fe6997fda6ee4248d2144710ad5e6f0b394e7424f squid-debuginfo-5.5-19.el9_6.3.ppc64le.rpm SHA-256: 97822aaf531e700460d63c3ba14cfe468bcf41157f4683272b6463ab9c51ca8f squid-debugsource-5.5-19.el9_6.3.ppc64le.rpm SHA-256: 229c7a998844b0a39a6020301831811b8a23f9e871c2e75e05e00444d83e0037 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 SRPM squid-5.5-19.el9_6.3.src.rpm SHA-256: 0dd2a8ae5683dee7fa9e111dea7c93fc8596905608fcf710e1744176946677b7 aarch64 squid-5.5-19.el9_6.3.aarch64.rpm SHA-256: 0865597d28cef5d8d0618f2325da721a77e78ff7f4f1aa7f69b288dfb4b6bc9c squid-debuginfo-5.5-19.el9_6.3.aarch64.rpm SHA-256: f5880de500beee5f5ae222fb1050ac07f181487226b6c613f5a2159d4648f419 squid-debugsource-5.5-19.el9_6.3.aarch64.rpm SHA-256: 9b5bb11a4cf44a321e5e53ff50a4f7ef2b3f326194b12e87abbc9c60e78e180b Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 SRPM squid-5.5-19.el9_6.3.src.rpm SHA-256: 0dd2a8ae5683dee7fa9e111dea7c93fc8596905608fcf710e1744176946677b7 ppc64le squid-5.5-19.el9_6.3.ppc64le.rpm SHA-256: 6cb4c7e1e480f347f5db069fe6997fda6ee4248d2144710ad5e6f0b394e7424f squid-debuginfo-5.5-19.el9_6.3.ppc64le.rpm SHA-256: 97822aaf531e700460d63c3ba14cfe468bcf41157f4683272b6463ab9c51ca8f squid-debugsource-5.5-19.el9_6.3.ppc64le.rpm SHA-256: 229c7a998844b0a39a6020301831811b8a23f9e871c2e75e05e00444d83e0037 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 SRPM squid-5.5-19.el9_6.3.src.rpm SHA-256: 0dd2a8ae5683dee7fa9e111dea7c93fc8596905608fcf710e1744176946677b7 x86_64 squid-5.5-19.el9_6.3.x86_64.rpm SHA-256: 032dbaad378f770c8750a713f49388bd79bd74d46ba4927e08b1f4332926b163 squid-debuginfo-5.5-19.el9_6.3.x86_64.rpm SHA-256: 419b3acbbc7804312fbc1c3b14c28df87e98e44fd40a52d9247e907e8af73334 squid-debugsource-5.5-19.el9_6.3.x86_64.rpm SHA-256: 6dd87104f46bb9ec605bfd56a1d2e686a2e2a9457074165eeed8fe8c2adec351 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 SRPM squid-5.5-19.el9_6.3.src.rpm SHA-256: 0dd2a8ae5683dee7fa9e111dea7c93fc8596905608fcf710e1744176946677b7 aarch64 squid-5.5-19.el9_6.3.aarch64.rpm SHA-256: 0865597d28cef5d8d0618f2325da721a77e78ff7f4f1aa7f69b288dfb4b6bc9c squid-debuginfo-5.5-19.el9_6.3.aarch64.rpm SHA-256: f5880de500beee5f5ae222fb1050ac07f181487226b6c613f5a2159d4648f419 squid-debugsource-5.5-19.el9_6.3.aarch64.rpm SHA-256: 9b5bb11a4cf44a321e5e53ff50a4f7ef2b3f326194b12e87abbc9c60e78e180b Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 SRPM squid-5.5-19.el9_6.3.src.rpm SHA-256: 0dd2a8ae5683dee7fa9e111dea7c93fc8596905608fcf710e1744176946677b7 s390x squid-5.5-19.el9_6.3.s390x.rpm SHA-256: 4e4ac33fdda4fdc14e6a232a5d0530f643a6220d2ccc784c8068388ee0d4cba0 squid-debuginfo-5.5-19.el9_6.3.s390x.rpm SHA-256: ac8208c35e05c6715f129f2b68226f12388ecad40a2c4c7c3fc2431a99b589c0 squid-debugsource-5.5-19.el9_6.3.s390x.rpm SHA-256: 1cf162aa20abc2b9befb6c8759d9d8f50eccd2163735e521f6d12093f1829dfa Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 SRPM squid-5.5-19.el9_6.3.src.rpm SHA-256: 0dd2a8ae5683dee7fa9e111dea7c93fc8596905608fcf710e1744176946677b7 x86_64 squid-5.5-19.el9_6.3.x86_64.rpm SHA-256: 032dbaad378f770c8750a713f49388bd79bd74d46ba4927e08b1f4332926b163 squid-debuginfo-5.5-19.el9_6.3.x86_64.rpm SHA-256: 419b3acbbc7804312fbc1c3b14c28df87e98e44fd40a52d9247e907e8af73334 squid-debugsource-5.5-19.el9_6.3.x86_64.rpm SHA-256: 6dd87104f46bb9ec605bfd56a1d2e686a2e2a9457074165eeed8fe8c2adec351 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 SRPM squid-5.5-19.el9_6.3.src.rpm SHA-256: 0dd2a8ae5683dee7fa9e111dea7c93fc8596905608fcf710e1744176946677b7 aarch64 squid-5.5-19.el9_6.3.aarch64.rpm SHA-256: 0865597d28cef5d8d0618f2325da721a77e78ff7f4f1aa7f69b288dfb4b6bc9c squid-debuginfo-5.5-19.el9_6.3.aarch64.rpm SHA-256: f5880de500beee5f5ae222fb1050ac07f181487226b6c613f5a2159d4648f419 squid-debugsource-5.5-19.el9_6.3.aarch64.rpm SHA-256: 9b5bb11a4cf44a321e5e53ff50a4f7ef2b3f326194b12e87abbc9c60e78e180b Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 SRPM squid-5.5-19.el9_6.3.src.rpm SHA-256: 0dd2a8ae5683dee7fa9e111dea7c93fc8596905608fcf710e1744176946677b7 ppc64le squid-5.5-19.el9_6.3.ppc64le.rpm SHA-256: 6cb4c7e1e480f347f5db069fe6997fda6ee4248d2144710ad5e6f0b394e7424f squid-debuginfo-5.5-19.el9_6.3.ppc64le.rpm SHA-256: 97822aaf531e700460d63c3ba14cfe468bcf41157f4683272b6463ab9c51ca8f squid-debugsource-5.5-19.el9_6.3.ppc64le.rpm SHA-256: 229c7a998844b0a39a6020301831811b8a23f9e871c2e75e05e00444d83e0037 Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 SRPM squid-5.5-19.el9_6.3.src.rpm SHA-256: 0dd2a8ae5683dee7fa9e111dea7c93fc8596905608fcf710e1744176946677b7 s390x squid-5.5-19.el9_6.3.s390x.rpm SHA-256: 4e4ac33fdda4fdc14e6a232a5d0530f643a6220d2ccc784c8068388ee0d4cba0 squid-debuginfo-5.5-19.el9_6.3.s390x.rpm SHA-256: ac8208c35e05c6715f129f2b68226f12388ecad40a2c4c7c3fc2431a99b589c0 squid-debugsource-5.5-19.el9_6.3.s390x.rpm SHA-256: 1cf162aa20abc2b9befb6c8759d9d8f50eccd2163735e521f6d12093f1829dfa The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .