Skip to main content

Squid CVE-2026-50012

HIGH
2026-06-12
Share

Severity by source

SUSE PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Red Hat
5.5 MEDIUM
qualitative

Primary rating from SUSE.

Lifecycle Timeline

1
Analysis Generated
Jun 12, 2026 - 12:45 vuln.today

Description PRE-NVD

Disclosed via oss-security. NVD scoring and full description are pending.

AnalysisAI

Squid caching proxy is affected by CVE-2026-50012, disclosed via the oss-security mailing list on 2026-06-12 as a pre-NVD advisory. No technical details - description, affected versions, vulnerability class, or impact - have been made available in the current intelligence snapshot. The advisory was bundled with a sibling disclosure (CVE-2026-47729) from the same Squid maintainer post, suggesting a coordinated release, but no further differentiation between the two CVEs is derivable from available data. No exploitation, no KEV listing, and no EPSS score are present at time of analysis.

Technical ContextAI

Squid is a widely deployed open-source caching proxy supporting HTTP, HTTPS, FTP, and other protocols, commonly used in enterprise and ISP environments for traffic caching, filtering, and access control. No CWE identifier has been assigned, and no CPE string has been published, making it impossible to identify the specific component, subsystem, or protocol handler affected. The root cause class, attack surface, and technical mechanism are entirely unknown at this stage of disclosure. The oss-security post attributes the advisory to Amos Jeffries (squid3@...), a known Squid maintainer, which lends authenticity to the disclosure but provides no additional technical context.

Affected ProductsAI

The affected product is Squid caching proxy. No version range, CPE string, or platform constraint has been disclosed. The advisory originates from the oss-security mailing list at https://www.openwall.com/lists/oss-security/2026/06/12 but does not enumerate specific affected releases in the data available for this analysis. Defenders should monitor the official Squid security advisory page and the oss-security thread for version specifics as the disclosure matures.

RemediationAI

No patch version, vendor advisory URL, or workaround has been identified in the available intelligence. Affected version range is unknown, making targeted upgrade guidance impossible. Until the oss-security thread or NVD entry provides version and fix details, organizations running Squid should monitor the official Squid advisories (https://www.squid-cache.org/Advisories/) and the oss-security list. As a general precautionary measure - not a confirmed mitigation for this specific CVE - operators may consider restricting external access to the Squid management interface and ensuring Squid is not exposed to untrusted networks without access controls. These are generic hardening steps with no confirmed trade-off for this CVE; apply only as interim posture while awaiting full disclosure.

Vendor StatusVendor

SUSE

Severity: Important
Product Status
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected
SUSE Linux Enterprise Module for Server Applications 15 SP7 Affected
SUSE Linux Enterprise Server 15 SP7 Affected
SUSE Linux Enterprise Server 16.0 Affected
SUSE Linux Enterprise Server 16.1 Affected

Share

CVE-2026-50012 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy