2026-07-01 The Hacker News

Citrix Patches Six Critical NetScaler Flaws Enabling File Reads and DoS

Vulnerability, Cloud Security

Citrix has released security updates for six vulnerabilities in NetScaler ADC and NetScaler Gateway that could allow attackers to read arbitrary files or trigger denial-of-service conditions on enterprise deployments. Several of the flaws carry CVSS scores between 8.7 and 8.8, putting remote-access and load-balancing infrastructure at significant risk if left unpatched.

Four of the issues—CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, and CVE-2026-13474—carry the highest severity ratings. CVE-2026-8451 is an input validation flaw causing a memory overread when NetScaler operates as a SAML identity provider. CVE-2026-8452 and CVE-2026-8655 are memory overflow vulnerabilities that lead to unpredictable behavior and DoS across Gateway, AAA virtual server, Oracle load balancer, DNS proxy, and DNS recursive resolver configurations. CVE-2026-13474 enables DoS via malformed HTTP/2 requests when HTTP/2 is enabled on load balancer, content switching, or VPN virtual servers. CVE-2026-10816 (CVSS 7.7) is arguably the most operationally serious flaw because it allows unauthenticated arbitrary file read whenever management access is enabled on NSIP, Cluster Management IP, or SNIP interfaces. CVE-2026-10817 (CVSS 6.9) is a memory overread triggered when TCP TimeStamp is enabled on a TCP Profile bound to a load balancer, content switching, or VPN virtual server.

Patches ship in NetScaler ADC and NetScaler Gateway versions 14.1-72.61, 13.1-63.18, and the corresponding 14.1-FIPS and 13.1-FIPS/NDcPP builds. For CVE-2026-13474, organizations not using HTTP Strict Profiles must also manually set the Http2SmallWndTimeout parameter to 30 seconds—upgrading alone is not sufficient to close the hole. Security teams should audit management interface exposure with a port scanner and confirm that front-end encryption is correctly enforced using an SSL/TLS checker.
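The patch-status rules from the paragraph above, turned into an inventory triage check. This is an added example, not code from the article or from Citrix: the inventory record schema (host, version, fips, http2_enabled, http_strict_profiles, http2_small_wnd_timeout, mgmt_access_interfaces, mgmt_reachable_from_untrusted) and the sample hosts are constructed assumptions, and only the two non-FIPS fixed builds named above are compared, since the FIPS/NDcPP build numbers are not given here.

```python
import re

# Fixed non-FIPS builds named in the advisory summary above; FIPS/NDcPP build numbers are not
# given there, so those appliances are routed to the vendor advisory instead of being compared.
FIXED_BUILDS = {"14.1": (72, 61), "13.1": (63, 18)}
VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")

def parse_version(version):
    """Split a NetScaler build string such as '14.1-72.61' into ('14.1', (72, 61))."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {version!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def assess(appliance):
    """Return the list of findings for one inventory record (constructed schema, see lead-in)."""
    findings = []
    branch, build = parse_version(appliance["version"])
    if appliance.get("fips"):
        findings.append("FIPS/NDcPP build: compare against the fixed build in the Citrix advisory")
    elif branch not in FIXED_BUILDS:
        findings.append(f"branch {branch}: not one of the fixed branches listed, check the Citrix advisory")
    elif build < FIXED_BUILDS[branch]:  # tuple comparison: (70, 10) < (72, 61)
        fixed = "%s-%d.%d" % (branch, *FIXED_BUILDS[branch])
        findings.append(f"upgrade required: {appliance['version']} is below fixed build {fixed}")
    # CVE-2026-13474: even on a fixed build, Http2SmallWndTimeout must be 30 s unless HTTP Strict Profiles are used.
    if (appliance.get("http2_enabled") and not appliance.get("http_strict_profiles")
            and appliance.get("http2_small_wnd_timeout") != 30):
        findings.append("CVE-2026-13474: set Http2SmallWndTimeout to 30 seconds; upgrading alone is not sufficient")
    # CVE-2026-10816: the unauthenticated file read needs management access on NSIP, CMIP or SNIP,
    # so management access reachable from untrusted networks is the first thing to restrict.
    exposed = appliance.get("mgmt_access_interfaces", [])
    if exposed and appliance.get("mgmt_reachable_from_untrusted"):
        findings.append(f"CVE-2026-10816: management access on {', '.join(exposed)} reachable from untrusted networks")
    return findings

# Constructed sample inventory (hypothetical hosts and values, not from the advisory).
SAMPLE_INVENTORY = [
    {"host": "gw-dmz-1", "version": "14.1-70.10", "http2_enabled": True, "http_strict_profiles": False,
     "http2_small_wnd_timeout": 0, "mgmt_access_interfaces": ["SNIP"], "mgmt_reachable_from_untrusted": True},
    {"host": "lb-int-2", "version": "13.1-63.18", "http2_enabled": True, "http_strict_profiles": True,
     "mgmt_access_interfaces": ["NSIP"], "mgmt_reachable_from_untrusted": False},
    {"host": "gw-fips-3", "version": "14.1-72.61", "fips": True},
]

if __name__ == "__main__":
    for appliance in SAMPLE_INVENTORY:
        print(appliance["host"], "->", assess(appliance) or ["no findings from this summary"])
```

A host with an empty findings list is clean only with respect to the items in this summary; the FIPS/NDcPP branches still need the build numbers from the Citrix advisory.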

The vulnerabilities were credited to Michael Tucker of the XOR team at JPMorgan Chase and Aliz Hammond of watchTowr, among other researchers. Because NetScaler Gateway is widely deployed as a remote-access VPN solution across enterprises, IT teams should prioritize patching internet-facing appliances, restrict management IP access, and confirm that gateway traffic is not being routed through unauthorized intermediaries using a VPN/proxy detector.

Source: The Hacker News
