RHSA-2026:10257 - Security Advisory

Issued: 2026-04-23
Updated: 2026-04-23

Synopsis
Important: squid security update

Type/Severity
Security Advisory: Important

Topic
An update for squid is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.

Security Fix(es):
squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling (CVE-2026-33526)
Squid: Squid: Denial of Service via crafted ICP traffic (CVE-2026-32748)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux Server - AUS 9.2 x86_64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x

Fixes
BZ - 2451574 - CVE-2026-33526 squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling
BZ - 2451577 - CVE-2026-32748 Squid: Squid: Denial of Service via crafted ICP traffic

CVEs
CVE-2026-32748
CVE-2026-33526

References
https://access.redhat.com/security/updates/classification/#important

Updated Packages
Note: More recent versions of these packages may be available.
SRPM (all products)
squid-5.5-5.el9_2.11.src.rpm

x86_64
squid-5.5-5.el9_2.11.x86_64.rpm
squid-debuginfo-5.5-5.el9_2.11.x86_64.rpm
squid-debugsource-5.5-5.el9_2.11.x86_64.rpm

ppc64le
squid-5.5-5.el9_2.11.ppc64le.rpm
squid-debuginfo-5.5-5.el9_2.11.ppc64le.rpm
squid-debugsource-5.5-5.el9_2.11.ppc64le.rpm

aarch64
squid-5.5-5.el9_2.11.aarch64.rpm
squid-debuginfo-5.5-5.el9_2.11.aarch64.rpm
squid-debugsource-5.5-5.el9_2.11.aarch64.rpm

s390x
squid-5.5-5.el9_2.11.s390x.rpm
squid-debuginfo-5.5-5.el9_2.11.s390x.rpm
squid-debugsource-5.5-5.el9_2.11.s390x.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Two critical vulnerabilities (CVE-2026-32748 and CVE-2026-33526, CVSS 7.5 HIGH) in the Squid proxy server allow remote Denial of Service via crafted ICP traffic and a heap Use-After-Free flaw in ICP handling. The NVD data indicates that Squid versions prior to 7.5 are affected. The fix requires upgrading to Squid version 7.5.