3:00PM, 2 July 2026
TLP Rating:
Multiple vulnerabilities affecting Citrix NetScaler ADC and NetScaler Gateway products
Multiple vulnerabilities affecting multiple Citrix products are reported to be under active exploitation.
- CVE-2026-8451 (CVSS: 8.8): Insufficient input validation leading to memory overread
- CVE-2026-8452 (CVSS: 8.8): Memory overflow vulnerability leading to unpredictable or erroneous behaviour and Denial of Service
- CVE-2026-8655 (CVSS: 8.8): Multiple Memory overflow vulnerabilities leading to unpredictable or erroneous behaviour and Denial of Service
- CVE-2026-10816 (CVSS: 7.1): Arbitrary File Read (Unauthenticated) Access to NSIP, Cluster Management IP or SNIP with management access enabled
- CVE-2026-10817 (CVSS: 6.9): Insufficient input validation leading to memory overread
- CVE-2026-13474 (CVSS: 8.7): Denial of service via malformed HTTP/2 requests
The NCSC is aware of open-source reports of a proof-of-concept for at least one of the vulnerabilities identified.
In their advisory, Citrix have provided additional patching advice for selected vulnerabilities, along with steps for users to determine whether they are running a vulnerable instance.
The NCSC encourages organisations in New Zealand that use the affected products to review the advisory and apply the remediation as soon as possible. We also urge affected organisations to investigate unauthorised access or compromise of the affected products.
NB: This alert was updated on 3 July 2026 to correct a previous mistake in the product company name.
What's happening
Systems affected
The following supported versions of self-hosted NetScaler ADC and NetScaler Gateway are affected by these vulnerabilities:
- NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-72.61
- NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-63.18
- NetScaler ADC FIPS BEFORE 14.1-72.61 FIPS
- NetScaler ADC FIPS and NDcPP BEFORE 13.1-37.272
What to look for
How to tell if you're at risk
You are at risk if you are running a Citrix NetScaler within the version range listed above.
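A version check against the fixed builds listed under "Systems affected", as an added example that is not part of the NCSC alert or the Citrix advisory. The inventory, hostnames and the `edition` label are constructed for illustration, and acceptance of the `NS14.1: Build 72.61.nc` banner form is an assumption.

```python
import re

# First fixed build per (release, edition), copied from "Systems affected" above.
FIXED = {
    ("14.1", "standard"): (72, 61),
    ("13.1", "standard"): (63, 18),
    ("14.1", "fips"): (72, 61),
    ("13.1", "fips"): (37, 272),  # the FIPS and NDcPP line
}

# Matches "14.1-72.61"; also tolerates "NS14.1: Build 72.61.nc" (assumed banner form).
VERSION_RE = re.compile(r"(\d+\.\d+)\D+?(\d+)\.(\d+)")


def assess(version, edition="standard"):
    """Classify one build string as affected, fixed, unlisted or unparsed."""
    m = VERSION_RE.search(version)
    if not m:
        return "unparsed"
    release = m.group(1)
    # Compare numerically: as text, "72.9" would sort after "72.61".
    build = (int(m.group(2)), int(m.group(3)))
    fixed = FIXED.get((release, edition))
    if fixed is None:
        return "unlisted"  # release is not in the alert's list
    return "affected" if build < fixed else "fixed"


def triage(inventory):
    """Map each host to its status; anything not 'fixed' needs follow-up."""
    return {host: assess(ver, ed) for host, ver, ed in inventory}


# Constructed inventory: hostnames, builds and edition labels are invented.
SAMPLE = [
    ("adc-edge-01", "14.1-72.9", "standard"),
    ("adc-edge-02", "14.1-72.61", "standard"),
    ("adc-dmz-01", "NS13.1: Build 63.17.nc", "standard"),
    ("adc-fips-01", "13.1-37.272", "fips"),
    ("adc-old-01", "13.0-92.21", "standard"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

A result of `affected` only means the build falls in the listed range; whether an appliance meets the CVE preconditions is determined by the steps in the vendor advisory.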
How to tell if you're affected
Refer to the ‘Steps to determine if an appliance meets the CVE preconditions’ section in the vendor advisory.
What to do
Prevention
To prevent exploitation, upgrade the affected Citrix products to the latest versions per the vendor advisory, and apply any custom configurations the advisory lists for selected CVEs.
More information
Read more about this alert on the vendor website:
CITRIX | Support
If you require more information or further support, submit a report on our website: