Is Ubuntu affected by EUVD-2026-16056?

Organizations using Squid face significant risk from CVE-2026-32748 rated CVSS 8.7. Successful exploitation could significantly impact the confidentiality, integrity, or availability of affected systems.

EUVD-2026-16056

| CVE-2026-32748 HIGH

2026-03-26 GitHub_M

8.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 26, 2026 - 01:00 euvd

EUVD-2026-16056

Analysis Generated

Mar 26, 2026 - 01:00 vuln.today

CVE Published

Mar 26, 2026 - 00:11 nvd

HIGH 8.7

Description

Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. This bug is fixed in Squid version 7.5.

Analysis

Squid proxy versions prior to 7.5 contain use-after-free and premature resource release vulnerabilities in ICP (Internet Cache Protocol) traffic handling that enable reliable, repeatable denial of service attacks. Remote attackers can exploit these memory safety bugs to crash the Squid service by sending specially crafted ICP packets, affecting deployments that have explicitly enabled ICP support via non-zero icp_port configuration. …

Remediation

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +1.8

CVSS: +44

POC: 0

Vendor Status

Ubuntu

Priority: Medium

squid

Release	Status	Version
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
questing	needs-triage	-
upstream	needs-triage	-

squid3

Release	Status	Version
xenial	needs-triage	-
bionic	needs-triage	-
jammy	DNE	-
noble	DNE	-
questing	DNE	-
upstream	needs-triage	-

Debian

squid

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	4.13-10+deb11u3	-
bullseye (security)	vulnerable	4.13-10+deb11u6	-
bookworm	vulnerable	5.7-2+deb12u5	-
bookworm (security)	vulnerable	5.7-2+deb12u4	-
trixie, trixie (security)	vulnerable	6.13-2+deb13u1	-
forky	vulnerable	7.4-1	-
sid	fixed	7.5-1	-
(unstable)	fixed	7.5-1	-

EUVD-2026-16056 vulnerability details – vuln.today

Back

EUVD-2026-16056

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2026-16056

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code