Red Hat Security Advisory: squid:4 security update
Two denial of service vulnerabilities have been identified in Squid, a high-performance proxy caching server used in Red Hat Enterprise Linux 8. 4. The issues involve a heap Use-After-Free vulnerability in ICP handling (CVE-2026-33526) and denial of service via crafted ICP traffic (CVE-2026-32748). Red Hat has issued an important security advisory with updates addressing these vulnerabilities. The advisory provides updated packages and instructions for remediation. No CVSS score is provided, but the impact is rated as important by Red Hat. There are no known exploits in the wild at this time.
AI Analysis
Technical Summary
Red Hat Product Security released an advisory (RHSA-2026:20564) addressing two denial of service vulnerabilities in Squid 4 used in Red Hat Enterprise Linux 8.4. The first vulnerability (CVE-2026-33526) is a heap Use-After-Free issue in ICP handling, and the second (CVE-2026-32748) involves denial of service via crafted ICP traffic. These vulnerabilities could allow an attacker to cause service disruption. The advisory includes updated packages for affected versions and references detailed CVE pages for further information. The update is rated as important and is available for installation to remediate these issues.
Potential Impact
The vulnerabilities allow denial of service conditions in Squid proxy servers by exploiting heap Use-After-Free in ICP handling or by sending crafted ICP traffic. This can disrupt proxy services, potentially impacting availability of web and FTP caching services. There are no reports of exploitation in the wild. The impact is limited to denial of service; no code execution or data breach is indicated.
Mitigation Recommendations
Red Hat has released security updates for Squid 4 in Red Hat Enterprise Linux 8.4 to address these vulnerabilities. Administrators should apply the provided patches as detailed in the Red Hat advisory RHSA-2026:20564 and the referenced update article (https://access.redhat.com/articles/11258). No additional mitigation steps are indicated beyond applying the official updates. Patch status is confirmed as available.
Red Hat Security Advisory: squid:4 security update
Description
Two denial of service vulnerabilities have been identified in Squid, a high-performance proxy caching server used in Red Hat Enterprise Linux 8. 4. The issues involve a heap Use-After-Free vulnerability in ICP handling (CVE-2026-33526) and denial of service via crafted ICP traffic (CVE-2026-32748). Red Hat has issued an important security advisory with updates addressing these vulnerabilities. The advisory provides updated packages and instructions for remediation. No CVSS score is provided, but the impact is rated as important by Red Hat. There are no known exploits in the wild at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Red Hat Product Security released an advisory (RHSA-2026:20564) addressing two denial of service vulnerabilities in Squid 4 used in Red Hat Enterprise Linux 8.4. The first vulnerability (CVE-2026-33526) is a heap Use-After-Free issue in ICP handling, and the second (CVE-2026-32748) involves denial of service via crafted ICP traffic. These vulnerabilities could allow an attacker to cause service disruption. The advisory includes updated packages for affected versions and references detailed CVE pages for further information. The update is rated as important and is available for installation to remediate these issues.
Potential Impact
The vulnerabilities allow denial of service conditions in Squid proxy servers by exploiting heap Use-After-Free in ICP handling or by sending crafted ICP traffic. This can disrupt proxy services, potentially impacting availability of web and FTP caching services. There are no reports of exploitation in the wild. The impact is limited to denial of service; no code execution or data breach is indicated.
Mitigation Recommendations
Red Hat has released security updates for Squid 4 in Red Hat Enterprise Linux 8.4 to address these vulnerabilities. Administrators should apply the provided patches as detailed in the Red Hat advisory RHSA-2026:20564 and the referenced update article (https://access.redhat.com/articles/11258). No additional mitigation steps are indicated beyond applying the official updates. Patch status is confirmed as available.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:20564
- Cve Count
- 2
- Additional Cves
- ["CVE-2026-33526"]
- Cvss Version
- null
Threat ID: 6a16097be29bf47b50647bd3
Added to database: 5/26/2026, 8:58:35 PM
Last enriched: 5/26/2026, 11:05:12 PM
Last updated: 5/27/2026, 4:58:50 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.