
[CIVN-2026-0354] Multiple Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway
Indian - Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
NetScaler ADC and NetScaler Gateway releases prior to 14.1-72.61
NetScaler ADC and NetScaler Gateway releases prior to 13.1-63.18
NetScaler ADC FIPS releases prior to 14.1-72.61-FIPS
NetScaler ADC FIPS and NDcPP releases prior to 13.1-37.272-FIPS/NDcPP
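The following added example (not part of the CERT-In advisory or of any Citrix tooling) checks an appliance inventory against the fixed builds listed above. The `NS14.1: Build 72.61.nc` banner form, the `fips` inventory field and the sample hosts are assumptions; branches the list does not name are reported as `unlisted` rather than guessed.

```python
import re

# First fixed build per (branch, edition), taken from the "Software Affected" list.
FIXED = {
    ("14.1", "standard"): (72, 61),
    ("13.1", "standard"): (63, 18),
    ("14.1", "fips"): (72, 61),
    ("13.1", "fips"): (37, 272),  # 13.1 FIPS and NDcPP
}

# Accepts the advisory's "14.1-72.61" form and, as an assumption, the
# "NS14.1: Build 72.61.nc" form of an appliance version banner.
_VERSION = re.compile(r"(?:NS)?(\d+\.\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)", re.I)

def assess(version, fips=False):
    """Return 'affected', 'fixed' or 'unlisted'; fips is a caller-supplied inventory flag."""
    m = _VERSION.search(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    branch, build = m.group(1), (int(m.group(2)), int(m.group(3)))
    edition = "fips" if fips or re.search(r"FIPS|NDcPP", version, re.I) else "standard"
    fixed = FIXED.get((branch, edition))
    if fixed is None:
        return "unlisted"  # branch not named in the advisory: consult the vendor bulletin
    # Compare as integer pairs: as text, "72.9" would sort after "72.61".
    return "affected" if build < fixed else "fixed"

def triage(inventory):
    """Map host -> status for (host, version, fips) tuples."""
    return {host: assess(version, fips) for host, version, fips in inventory}

# Constructed sample inventory (hostnames and builds are made up for illustration).
SAMPLE = [
    ("adc-edge-1", "14.1-72.61", False),
    ("adc-edge-2", "NetScaler NS14.1: Build 72.9.nc", False),
    ("gw-dmz-1", "13.1-63.18", False),
    ("adc-fips-1", "13.1-37.250-FIPS", False),
    ("adc-fips-2", "13.1-37.272", True),
    ("adc-old-1", "13.0-92.31", False),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {status}")
```

The FIPS flag matters on the 13.1 branch: build 37.272 is the fixed FIPS/NDcPP release but is numerically below the standard fix 63.18, so an inventory that omits the edition will flag patched FIPS appliances as affected.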
Overview
Multiple vulnerabilities have been reported in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), which could allow an unauthenticated remote attacker to disclose sensitive information, read arbitrary files, or cause denial of service on the affected systems.
Target Audience:
All end-user organizations and individuals using Citrix NetScaler ADC and NetScaler Gateway.
Risk Assessment:
Risk of information disclosure, arbitrary file read, and denial of service on the affected systems.
Impact Assessment:
Disclosure of sensitive information, arbitrary file read, denial of service, and compromise of system availability.
Description
NetScaler ADC and NetScaler Gateway are application delivery controller (ADC) and secure remote access solutions used to provide load balancing, application delivery, and VPN services for enterprise environments.
Multiple vulnerabilities have been identified in NetScaler ADC and NetScaler Gateway due to memory handling issues, insufficient input validation, improper access control, and implementation flaws in various service components. Depending on the appliance configuration, these vulnerabilities may lead to memory over-read, memory overflow, arbitrary file read, or denial of service.
Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to disclose sensitive information from memory, read arbitrary files, or cause denial of service and unpredictable behavior on the affected appliance.
Solution
Apply appropriate security updates and mitigations as mentioned in the vendor advisory:
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604
Vendor Information
Citrix
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604
References
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604
CVE Name
CVE-2026-8451
CVE-2026-8452
CVE-2026-8655
CVE-2026-10816
CVE-2026-10817
CVE-2026-13474
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


