Cloud Software Group has released Security Bulletin CTX696604, addressing six high-severity vulnerabilities affecting NetScaler ADC and NetScaler Gateway. Organizations leveraging NetScaler for secure remote access, load balancing, authentication, application delivery, or DNS services should review their environments immediately and plan remediation activities as soon as possible.
The vulnerabilities covered by this advisory include:
- CVE-2026-8451
- CVE-2026-8452
- CVE-2026-8655
- CVE-2026-10816
- CVE-2026-10817
- CVE-2026-13474
Description of Problem
Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer below for further details.
Affected Versions:
The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities:
- NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-72.61
- NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-63.18
- NetScaler ADC FIPS BEFORE 14.1-72.61 FIPS
- NetScaler ADC FIPS and NDcPP BEFORE 13.1-37.272
Note: Secure Private Access Hybrid deployments using NetScaler instances are also affected by the vulnerabilities. Customers need to upgrade these NetScaler instances to the recommended NetScaler builds to address the vulnerabilities.
This bulletin only applies to customer-managed NetScaler ADC and NetScaler Gateway. Cloud Software Group upgrades the Citrix-managed cloud services and Citrix-managed Adaptive Authentication with the necessary software updates.
NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities mentioned below:
| CVE-ID | Description | Pre-conditions | CWE | CVSSv4 |
|---|---|---|---|---|
| CVE-2026-8451 | Insufficient input validation leading to memory overread | NetScaler ADC or NetScaler Gateway must be configured as a SAML IDP | CWE-125: Out-of-bounds Read | CVSS v4.0 Base Score: 8.8 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N) |
| CVE-2026-8452 | Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service | Appliance must be configured as: Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer | CVSS v4.0 Base Score: 8.8 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:L/SI:L/SA:L) |
| CVE-2026-8655 | Multiple memory overflow vulnerabilities leading to unpredictable or erroneous behavior and Denial of Service | NetScaler ADC must be configured as an LB of type Oracle, OR as a DNS Proxy, OR as a DNS recursive resolver deployment | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer | CVSS v4.0 Base Score: 8.8 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L) |
| CVE-2026-10816 | Arbitrary File Read (Unauthenticated) | Access to NSIP, Cluster Management IP or SNIP with management access enabled | CWE-73: External Control of File Name or Path | CVSS v4.0 Base Score: 7.1 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N) |
| CVE-2026-10817 | Insufficient input validation leading to memory overread | TCP TimeStamp enabled in TCP Profile and associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler | CWE-125: Out-of-bounds Read | CVSS v4.0 Base Score: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N) |
| CVE-2026-13474 | Denial of service via malformed HTTP/2 requests | HTTP/2 enabled in HTTP Profile and associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler | CWE-401: Missing Release of Memory after Effective Lifetime | CVSS v4.0 Base Score: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L) |
Recommended Remediation
Cloud Software Group recommends upgrading vulnerable systems to the following versions:
| Product | Recommended Version |
|---|---|
| NetScaler ADC / Gateway 14.1 | 14.1-72.61 or later |
| NetScaler ADC / Gateway 13.1 | 13.1-63.18 or later |
| NetScaler ADC FIPS | 14.1-72.61 FIPS or later |
| NetScaler ADC FIPS / NDcPP | 13.1-37.272 or later |
Organizations should also:
- Inventory all NetScaler instances across production, DR, and test environments.
- Identify internet-facing and externally accessible appliances.
- Review SAML, Gateway, DNS Proxy, and management interface configurations.
- Validate backup and recovery procedures before upgrades.
- Schedule maintenance windows for firmware upgrades.
- Conduct post-upgrade testing for VPN, ICA Proxy, Load Balancing, and Single Sign-On functionality.
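A small triage helper for the inventory step above, added here as an example and not part of the bulletin or of Helient's own tooling: it parses a NetScaler build string in either the bulletin's `14.1-72.61` form or the `show ns version` output form (the `NetScaler NS14.1: Build 72.60.nc` layout is an assumption) and compares it against the fixed builds this advisory lists, keeping the separate 13.1 FIPS/NDcPP branch apart from the 13.1 line. Hostnames and version strings below are constructed samples.

```python
"""Triage helper for CTX696604: flag NetScaler builds below the fixed builds.
Thresholds come from the bulletin; the `show ns version` string layout
("NetScaler NS14.1: Build 72.60.nc") is an assumption."""
import re

# Fixed builds per CTX696604, keyed by (release line, FIPS/NDcPP build?).
# The 13.1 FIPS/NDcPP line is a separate 13.1-37.x branch with its own fix.
FIXED_BUILDS = {
    ("14.1", False): (72, 61),
    ("13.1", False): (63, 18),
    ("14.1", True): (72, 61),
    ("13.1", True): (37, 272),
}

# Matches "14.1-72.61", "14.1-72.61 FIPS" and "NetScaler NS14.1: Build 72.61.nc".
_VERSION_RE = re.compile(
    r"(?:NS)?(?P<rel>\d+\.\d+)(?::\s*Build\s*|-)(?P<build>\d+)\.(?P<minor>\d+)"
)

def parse_version(text):
    """Return (release, build, minor) parsed from a NetScaler version string."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised NetScaler version: {text!r}")
    return m.group("rel"), int(m.group("build")), int(m.group("minor"))

def is_affected(text, fips=False):
    """True if the build is below the fixed build for its release line.
    None means the line is not listed in the bulletin: assess it separately,
    do not treat it as a pass."""
    rel, build, minor = parse_version(text)
    fixed = FIXED_BUILDS.get((rel, fips))
    if fixed is None:
        return None
    return (build, minor) < fixed

if __name__ == "__main__":
    # Constructed sample inventory: (hostname, version string, FIPS build?).
    inventory = [
        ("gw-dmz-01", "NetScaler NS14.1: Build 72.60.nc", False),
        ("lb-core-01", "14.1-72.61", False),
        ("gw-fips-01", "NetScaler NS13.1: Build 37.250.nc", True),
        ("legacy-01", "NetScaler NS13.0: Build 92.21.nc", False),
    ]
    labels = {True: "AFFECTED - upgrade", False: "fixed build",
              None: "not covered by CTX696604 - assess separately"}
    for host, ver, fips in inventory:
        print(f"{host:12} {ver:36} {labels[is_affected(ver, fips)]}")
```

Feed it the version strings you collect from each appliance during the inventory step; anything reported as not covered needs its own check against the vendor's lifecycle and bulletin pages rather than being counted as remediated.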
Organizations running affected versions should review CTX696604 immediately and schedule upgrades to the recommended firmware versions as part of their ongoing vulnerability management process.
If you would like more information or assistance on implementing the recommended remediation steps please contact our industry-leading experts at service@helient.com.