[CIVN-2026-0354] Multiple Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway

By Published On: July 3, 2026

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256


Multiple Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway


Indian – Computer Emergency Response Team (https://www.cert-in.org.in)


Severity Rating: HIGH


Software Affected


NetScaler ADC and NetScaler Gateway releases prior to 14.1-72.61

NetScaler ADC and NetScaler Gateway releases prior to 13.1-63.18

NetScaler ADC FIPS releases prior to 14.1-72.61-FIPS

NetScaler ADC FIPS and NDcPP releases prior to 13.1-37.272-FIPS/NDcPP

Overview


Multiple vulnerabilities have been reported in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), which could allow an unauthenticated remote attacker to disclose sensitive information, read arbitrary files, or cause denial of service on the affected systems.


Target Audience:

All end-user organizations and individuals using Citrix NetScaler ADC and NetScaler Gateway.


Risk Assessment:

Risk of information disclosure, arbitrary file read, and denial of service on the affected systems.


Impact Assessment:

Disclosure of sensitive information, arbitrary file read, denial of service, and compromise of system availability.


Description


NetScaler ADC and NetScaler Gateway are application delivery controller (ADC) and secure remote access solutions used to provide load balancing, application delivery, and VPN services for enterprise environments.


Multiple vulnerabilities have been identified in NetScaler ADC and NetScaler Gateway due to memory handling issues, insufficient input validation, improper access control, and implementation flaws in various service components. Depending on the appliance configuration, these vulnerabilities may lead to memory over-read, memory overflow, arbitrary file read, or denial of service.


Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to disclose sensitive information from memory, read arbitrary files, or cause denial of service and unpredictable behavior on the affected appliance.


Solution


Apply appropriate security updates and mitigations as mentioned in the vendor advisory:

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604



Vendor Information


Citrix

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604


References


 

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604


CVE Name

CVE-2026-8451

CVE-2026-8452

CVE-2026-8655

CVE-2026-10816

CVE-2026-10817

CVE-2026-13474




– —


Thanks and Regards,

CERT-In


Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS


Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–


iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmpH1I0ACgkQ3jCgcSdc

ys+Cgw//RGRGnvisHotcNbqJvDCgPTDIMKup7VkpaIXxMVHUen9zlqxmLudRLhEJ

FtoRXuNCXmGYX5X+DPyZ7zdLprDA44ISeMHsZ5nZeVWF66CPu1DjN8j+g+UX38T5

WvQWM4cyWpIDQfTU/APKxrD0py3Qf7JZwaUoiTLncH8n2b6XqGwzrXMQHBYGZa6E

K674I0/cAx/kJJ6sCzN/0Ae1UWi1S/AtShudx8qoxX1fts0CqCpyaTdOiyG+W3o8

pmmf7w6BcOcdk6iidddnJtx64V8td9oS8TyQmBkk6EGoPrErKVVT8EFDJNc+U9Pk

TTrcoCVAgTwfioU7zwQuzezZ7OSrxjmEar3gBzkzMDlAVrcIwu/LJhabYtxVNaxt

Vy/A0+DflDQUM+4bz9HdvTqX7zlFfL9vcFIkrv4FoEA2LLTNtRSjwwvI7BCHSsPv

cpytpb/QP6dCuRnaX71yd7Cj5QSdEIqBpuS6EwKvF5ODwNyBmoJVHpQ9312M4gK1

BgoMh/kj5o4Hn5gFJmFj6xKQY2/VLrdht1hJLr4OEbIrjhy4AKkUlwMHo9v8JH3J

HJRPp60ZJp4Taxrlj1emA55eIQU++r6GzUljz5MPy4DomY4y7TTp8aScTm+lRkbC

4pCrtfzotF7gWK6MZlahJZWPv5uhN34lXrzCm7YW8fYkE57+NzU=

=G8p3

—–END PGP SIGNATURE—–

Share this article