CVE-2026-33515
PUBLISHED
CVSS 6.9 MEDIUM
Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to an out-of-bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory, potentially containing sensitive information, when Squid responds with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e., configure a non-zero `icp_port`). This problem cannot be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.
EPSS 0.04% · 13.9th percentile
Risk Scores
CVSS 4.0
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N
EPSS Score
0.04%
13.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| squid-cache | squid | *, *, < 7.5 |
Exploit Intelligence
- CIRCL seen: CVE-2026-33515 (circl-sighting)
- CIRCL seen: CVE-2026-33515 (circl-sighting)
- CIRCL seen: CVE-2026-33515 (circl-sighting)
- CIRCL seen: CVE-2026-33515 (circl-sighting)
- http://www.openwall.com/lists/oss-security/2026/03/25/4 (circl)
- https://github.com/squid-cache/squid/security/advisories/GHSA-84p4-hcx7-jj7c (circl)
- https://github.com/squid-cache/squid/pull/2220 (circl)
- https://github.com/squid-cache/squid/pull/2220#discussion_r2727683637 (circl)
- https://github.com/squid-cache/squid/commit/8138e909d2058d4401e0ad49b583afaec912b165 (circl)
- patch-src_ICP.h (github-poc)
…and 24 more exploits
Timeline
- Mar 25, 2026 CVE Published
- Mar 25, 2026 PoC Published
- Mar 25, 2026 PoC Published
- Mar 26, 2026 Coalition ESS Score
- Mar 26, 2026 PoC Published
- Mar 26, 2026 CVE Updated
- Mar 29, 2026 PoC Published
- Mar 31, 2026 Security Advisory
- Mar 31, 2026 Security Advisory
- Mar 31, 2026 Security Advisory
- Mar 31, 2026 Security Advisory
- Mar 31, 2026 Security Advisory
References
- https://github.com/squid-cache/squid/security/advisories/GHSA-84p4-hcx7-jj7c advisory
- https://github.com/squid-cache/squid/security/advisories/GHSA-f9p7-3jqg-hhvq advisory
- https://github.com/squid-cache/squid/security/advisories/GHSA-hpfx-h48q-gvwg advisory
- https://github.com/squid-cache/squid/pull/2220 url
- https://github.com/squid-cache/squid/pull/2220#discussion_r2727683637 url
- https://github.com/squid-cache/squid/commit/8138e909d2058d4401e0ad49b583afaec912b165 url
- http://www.openwall.com/lists/oss-security/2026/03/25/4 url
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32748 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4438 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23347 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23268 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23392 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23319 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23253 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23296 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23364 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23368 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27654 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-30922 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23286 advisory
…and 64 more