Posting Date: 2026/07/17
【Vulnerability Alert】Multiple high-risk security vulnerabilities (CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, CVE-2026-10817, and CVE-2026-13474) exist in NetScaler ADC and NetScaler Gateway. Please confirm and patch them as soon as possible
- Subject: 【Vulnerability Alert】Multiple high-risk security vulnerabilities (CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, CVE-2026-10817, and CVE-2026-13474) exist in NetScaler ADC and NetScaler Gateway. Please confirm and patch them as soon as possible.
- Description:
- Forwarded from the National Information Security Analysis Center (NISAC) security alert NISAC-200-202607-00000004.
- Researchers have discovered multiple high-risk security vulnerabilities (CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, CVE-2026-10817, and CVE-2026-13474) in NetScaler ADC and NetScaler Gateway. The most critical one is CVE-2026-8452, a Memory Overflow vulnerability. When the affected device is configured with Gateway or AAA Virtual Server functionality, an unauthenticated remote attacker can exploit this vulnerability to cause system abnormalities, denial of service (DoS), or other unexpected behaviors. Please confirm and apply the patches as soon as possible.
- Affected Platforms:
- NetScaler ADC and NetScaler Gateway versions 14.1 to 14.1-72.61 (exclusive)
- NetScaler ADC and NetScaler Gateway versions 13.1 to 13.1-63.18 (exclusive)
- NetScaler ADC FIPS versions prior to 14.1-72.61 (exclusive)
- NetScaler ADC FIPS and NDcPP versions prior to 13.1-37.272 (exclusive)
- Recommended Actions:
- The official vendor has released security updates to address these vulnerabilities. Please refer to the official announcement to perform the update. The URL is as follows: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604
- Reference Information:
Computer and Communication Center
Network Systems Division Sincerely