
Squid Vulnerabilities Allow Denial of Service Attacks

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 24th, 2026
Detected March 25th, 2026

Summary

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in Squid, an open-source web proxy cache. These vulnerabilities, with a CVSS base score of 8.6, can be exploited by remote attackers to cause a Denial of Service. The advisory applies to Squid versions prior to 7.5 on Linux, UNIX, and Windows systems.

What changed

CERT-Bund has released a security advisory (WID-SEC-2026-0854) detailing multiple vulnerabilities in the open-source web proxy cache software, Squid. The vulnerabilities, rated with a high CVSS base score of 8.6, allow remote, anonymous attackers to exploit the software and cause a Denial of Service (DoS) condition. The advisory specifically affects Squid versions prior to 7.5 running on Linux, UNIX, and Windows operating systems.

Organizations utilizing Squid are advised to review the advisory and implement mitigation strategies as soon as possible to prevent potential DoS attacks. While the advisory does not specify a compliance deadline, prompt patching or updating to a secure version is critical to maintaining service availability and protecting network infrastructure. Failure to address these vulnerabilities could lead to significant service disruptions.

What to do next

  1. Review CERT-Bund advisory WID-SEC-2026-0854 for specific mitigation steps.
  2. Update affected Squid instances to version 7.5 or later.
  3. Implement network security measures to monitor for and block potential DoS attacks targeting Squid.

Source document (simplified)

[WID-SEC-2026-0854] Squid: Multiple vulnerabilities allow denial of service

CVSS Base Score: 8.6 (high)
CVSS Temporal Score: 7.5 (high)
Remote attack: yes
Date: 24.03.2026
As of: 25.03.2026
Mitigation: yes

Affected systems

Operating system

  • Linux
  • UNIX
  • Windows

Product description

Squid is an open-source web proxy cache for Unix and Windows platforms. The software supports proxying and caching of HTTP, FTP and other protocols, as well as SSL and access control lists.

Products

24.03.2026
- Open Source Squid <7.5

Attack

A remote, anonymous attacker can exploit multiple vulnerabilities in Squid to carry out a denial of service attack.

Named provisions

Affected systems, Product description, Attack

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency: CERT-Bund
Published: March 24th, 2026
Instrument: Notice
Legal weight: Non-binding
Stage: Final
Change scope: Substantive
Document ID: WID-SEC-2026-0854

Who this affects

Applies to: Technology companies
Industry sector: 5112 Software & Technology
Activity scope: Proxying and Caching
Geographic scope: Germany (DE)

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Compliance frameworks: NIST CSF
Topics: Network Security, Vulnerability Management
