
    8 vulnerabilities

    CVE-2026-13474 (GCVE-0-2026-13474)

    Vulnerability from cvelistv5 – Published: 2026-06-30 13:03 – Updated: 2026-06-30 13:27
    VLAI
    Title
    Denial of service via malformed HTTP/2 requests
    Summary
    Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing release of memory after effective lifetime
    Assigner
    Impacted products
    Vendor Product Version
    NetScaler ADC Affected: 14.1 , < 72.61 (patch)
    Affected: 13.1 , < 63.18 (patch)
    Affected: 14.1 FIPS , < 72.61 (patch)
    Affected: 13.1 FIPS and NDcPP , < 37.272 (patch)
    NetScaler Gateway Affected: 14.1 , < 72.61 (patch)
    Affected: 13.1 , < 63.18 (patch)
    Date Public
    2026-06-30 12:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13474",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T13:27:19.468802Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T13:27:27.938Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ADC",
              "vendor": "NetScaler",
              "versions": [
                {
                  "lessThan": "72.61",
                  "status": "affected",
                  "version": "14.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "63.18",
                  "status": "affected",
                  "version": "13.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "72.61",
                  "status": "affected",
                  "version": "14.1 FIPS",
                  "versionType": "patch"
                },
                {
                  "lessThan": "37.272",
                  "status": "affected",
                  "version": "13.1 FIPS and NDcPP",
                  "versionType": "patch"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Gateway",
              "vendor": "NetScaler",
              "versions": [
                {
                  "lessThan": "72.61",
                  "status": "affected",
                  "version": "14.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "63.18",
                  "status": "affected",
                  "version": "13.1",
                  "versionType": "patch"
                }
              ]
            }
          ],
          "datePublic": "2026-06-30T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cspan\u003eDenial of service via malformed HTTP/2 requests in\u0026nbsp;\u003c/span\u003e\u003cspan\u003eNetScaler ADC and NetScaler Gateway\u003c/span\u003e\u003cspan\u003e\u0026nbsp;if\u0026nbsp;\u003c/span\u003e\u003cspan\u003eHTTP/2 is enabled in HTTP Profile and associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler\u003c/span\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "Denial of service via malformed HTTP/2 requests in\u00a0NetScaler ADC and NetScaler Gateway\u00a0if\u00a0HTTP/2 is enabled in HTTP Profile and associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "CWE-401 Missing release of memory after effective lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T13:04:29.537Z",
            "orgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
            "shortName": "NetScaler"
          },
          "references": [
            {
              "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial of service via malformed HTTP/2 requests",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
        "assignerShortName": "NetScaler",
        "cveId": "CVE-2026-13474",
        "datePublished": "2026-06-30T13:03:40.967Z",
        "dateReserved": "2026-06-26T22:24:26.657Z",
        "dateUpdated": "2026-06-30T13:27:27.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10817 (GCVE-0-2026-10817)

    Vulnerability from cvelistv5 – Published: 2026-06-30 12:58 – Updated: 2026-06-30 13:28
    VLAI
    Title
    Insufficient input validation leading to memory overread
    Summary
    Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-125 - Out-of-bounds read
    Assigner
    Impacted products
    Vendor Product Version
    NetScaler ADC Affected: 14.1 , < 72.61 (patch)
    Affected: 13.1 , < 63.18 (patch)
    Affected: 14.1 FIPS , < 72.61 (patch)
    Affected: 13.1 FIPS and NDcPP , < 37.272 (patch)
    NetScaler Gateway Affected: 14.1 , < 72.61 (patch)
    Affected: 13.1 , < 63.18 (patch)
    Date Public
    2026-06-30 12:52

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10817",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T13:28:08.900923Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T13:28:19.305Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ADC",
              "vendor": "NetScaler",
              "versions": [
                {
                  "lessThan": "72.61",
                  "status": "affected",
                  "version": "14.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "63.18",
                  "status": "affected",
                  "version": "13.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "72.61",
                  "status": "affected",
                  "version": "14.1 FIPS",
                  "versionType": "patch"
                },
                {
                  "lessThan": "37.272",
                  "status": "affected",
                  "version": "13.1 FIPS and NDcPP",
                  "versionType": "patch"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Gateway",
              "vendor": "NetScaler",
              "versions": [
                {
                  "lessThan": "72.61",
                  "status": "affected",
                  "version": "14.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "63.18",
                  "status": "affected",
                  "version": "13.1",
                  "versionType": "patch"
                }
              ]
            }
          ],
          "datePublic": "2026-06-30T12:52:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eInsufficient input validation leading to memory overread in\u0026nbsp;\u003c/span\u003e\u003cspan\u003eNetScaler ADC and NetScaler Gateway if the\u0026nbsp;\u003c/span\u003e\u003cspan\u003eTCP TimeStamp is enabled in TCP Profile and is associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Insufficient input validation leading to memory overread in\u00a0NetScaler ADC and NetScaler Gateway if the\u00a0TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T12:58:38.850Z",
            "orgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
            "shortName": "NetScaler"
          },
          "references": [
            {
              "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient input validation leading to memory overread",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
        "assignerShortName": "NetScaler",
        "cveId": "CVE-2026-10817",
        "datePublished": "2026-06-30T12:58:38.850Z",
        "dateReserved": "2026-06-04T05:49:25.173Z",
        "dateUpdated": "2026-06-30T13:28:19.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10816 (GCVE-0-2026-10816)

    Vulnerability from cvelistv5 – Published: 2026-06-30 12:52 – Updated: 2026-06-30 13:28
    VLAI
    Title
    Arbitrary File Read (Unauthenticated)
    Summary
    Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External control of file name or path
    Assigner
    Impacted products
    Vendor Product Version
    NetScaler ADC Affected: 14.1 , < 72.61 (patch)
    Affected: 13.1 , < 63.18 (patch)
    Affected: 14.1 FIPS , < 72.61 (patch)
    Affected: 13.1 FIPS and NDcPP , < 37.272 (patch)
    NetScaler Gateway Affected: 14.1 , < 72.61 (patch)
    Affected: 13.1 , < 63.18 (patch)
    Date Public
    2026-06-30 12:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10816",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T13:28:37.909957Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T13:28:45.455Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ADC",
              "vendor": "NetScaler",
              "versions": [
                {
                  "lessThan": "72.61",
                  "status": "affected",
                  "version": "14.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "63.18",
                  "status": "affected",
                  "version": "13.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "72.61",
                  "status": "affected",
                  "version": "14.1 FIPS",
                  "versionType": "patch"
                },
                {
                  "lessThan": "37.272",
                  "status": "affected",
                  "version": "13.1 FIPS and NDcPP",
                  "versionType": "patch"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Gateway",
              "vendor": "NetScaler",
              "versions": [
                {
                  "lessThan": "72.61",
                  "status": "affected",
                  "version": "14.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "63.18",
                  "status": "affected",
                  "version": "13.1",
                  "versionType": "patch"
                }
              ]
            }
          ],
          "datePublic": "2026-06-30T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cspan\u003eArbitrary File Read (Unauthenticated) in\u0026nbsp;\u003c/span\u003e\u003cspan\u003eNetScaler ADC and NetScaler Gateway if the a\u003c/span\u003e\u003cspan\u003eccess to NSIP, Cluster Management IP or SNIP with management access is enabled\u003c/span\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "Arbitrary File Read (Unauthenticated) in\u00a0NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External control of file name or path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T12:59:25.926Z",
            "orgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
            "shortName": "NetScaler"
          },
          "references": [
            {
              "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary File Read (Unauthenticated)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
        "assignerShortName": "NetScaler",
        "cveId": "CVE-2026-10816",
        "datePublished": "2026-06-30T12:52:14.461Z",
        "dateReserved": "2026-06-04T05:48:47.634Z",
        "dateUpdated": "2026-06-30T13:28:45.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8655 (GCVE-0-2026-8655)

    Vulnerability from cvelistv5 – Published: 2026-06-30 12:46 – Updated: 2026-06-30 13:33
    VLAI
    Title
    Multiple Memory overflow vulnerabilities leading to unpredictable or erroneous behavior and Denial of Service
    Summary
    Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured as an LB of type Oracle OR NetScaler ADC is configured as a DNS Proxy OR NetScaler ADC is configured as a DNS recursive resolver deployment
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    Impacted products
    Vendor Product Version
    NetScaler ADC Affected: 14.1 , < 72.61 (patch)
    Affected: 13.1 , < 63.18 (patch)
    Affected: 14.1 FIPS , < 72.61 (patch)
    Affected: 13.1 FIPS and NDcPP , < 37.272 (patch)
    NetScaler Gateway Affected: 14.1 , < 72.61 (patch)
    Affected: 13.1 , < 63.18 (patch)
    Date Public
    2026-06-30 12:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8655",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T13:33:42.732082Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T13:33:48.823Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ADC",
              "vendor": "NetScaler",
              "versions": [
                {
                  "lessThan": "72.61",
                  "status": "affected",
                  "version": "14.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "63.18",
                  "status": "affected",
                  "version": "13.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "72.61",
                  "status": "affected",
                  "version": "14.1 FIPS",
                  "versionType": "patch"
                },
                {
                  "lessThan": "37.272",
                  "status": "affected",
                  "version": "13.1 FIPS and NDcPP",
                  "versionType": "patch"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Gateway",
              "vendor": "NetScaler",
              "versions": [
                {
                  "lessThan": "72.61",
                  "status": "affected",
                  "version": "14.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "63.18",
                  "status": "affected",
                  "version": "13.1",
                  "versionType": "patch"
                }
              ]
            }
          ],
          "datePublic": "2026-06-30T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eMultiple Memory overflow vulnerabilities in\u0026nbsp;\u003c/span\u003e\u003cspan\u003eNetScaler ADC and NetScaler Gateway\u0026nbsp;\u003c/span\u003e\u003cspan\u003eleading to unpredictable or erroneous behavior and Denial of Service if\u0026nbsp;\u003c/span\u003e\u003cspan\u003eNetScaler ADC is configured as an LB of type Oracle\u0026nbsp;\u003c/span\u003e\u003cstrong\u003eOR\u0026nbsp;\u003c/strong\u003e\u003cspan\u003eNetScaler ADC is configured as a DNS Proxy\u0026nbsp;\u003c/span\u003e\u003cstrong\u003eOR\u003c/strong\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003cspan\u003eNetScaler ADC is configured as a DNS recursive resolver deployment\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Multiple Memory overflow vulnerabilities in\u00a0NetScaler ADC and NetScaler Gateway\u00a0leading to unpredictable or erroneous behavior and Denial of Service if\u00a0NetScaler ADC is configured as an LB of type Oracle\u00a0OR\u00a0NetScaler ADC is configured as a DNS Proxy\u00a0OR\u00a0NetScaler ADC is configured as a DNS recursive resolver deployment"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T12:58:38.118Z",
            "orgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
            "shortName": "NetScaler"
          },
          "references": [
            {
              "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Multiple Memory overflow vulnerabilities leading to unpredictable or erroneous behavior and Denial of Service",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
        "assignerShortName": "NetScaler",
        "cveId": "CVE-2026-8655",
        "datePublished": "2026-06-30T12:46:28.140Z",
        "dateReserved": "2026-05-15T06:14:09.794Z",
        "dateUpdated": "2026-06-30T13:33:48.823Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8452 (GCVE-0-2026-8452)

    Vulnerability from cvelistv5 – Published: 2026-06-30 12:41 – Updated: 2026-06-30 13:37
    VLAI
    Title
    Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service
    Summary
    Memory overflow vulnerability in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    Impacted products
    Vendor Product Version
    NetScaler ADC Affected: 14.1 , < 72.61 (patch)
    Affected: 13.1 , < 63.18 (patch)
    Affected: 14.1 FIPS , < 72.61 (patch)
    Affected: 13.1 FIPS and NDcPP , < 37.272 (patch)
    NetScaler Gateway Affected: 14.1 , < 72.61 (patch)
    Affected: 13.1 , < 63.18 (patch)
    Date Public
    2026-06-30 12:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8452",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T13:36:43.132060Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T13:37:04.747Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ADC",
              "vendor": "NetScaler",
              "versions": [
                {
                  "lessThan": "72.61",
                  "status": "affected",
                  "version": "14.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "63.18",
                  "status": "affected",
                  "version": "13.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "72.61",
                  "status": "affected",
                  "version": "14.1 FIPS",
                  "versionType": "patch"
                },
                {
                  "lessThan": "37.272",
                  "status": "affected",
                  "version": "13.1 FIPS and NDcPP",
                  "versionType": "patch"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Gateway",
              "vendor": "NetScaler",
              "versions": [
                {
                  "lessThan": "72.61",
                  "status": "affected",
                  "version": "14.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "63.18",
                  "status": "affected",
                  "version": "13.1",
                  "versionType": "patch"
                }
              ]
            }
          ],
          "datePublic": "2026-06-30T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eMemory overflow vulnerability\u0026nbsp;\u003c/span\u003e\u003cspan\u003eNetScaler ADC and NetScaler Gateway\u0026nbsp;\u003c/span\u003e\u003cspan\u003eleading to unpredictable or erroneous behavior and Denial of Service if the a\u003c/span\u003e\u003cspan\u003eppliance is configured as a\u0026nbsp;\u003c/span\u003e\u003cspan\u003eGateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or \u003c/span\u003e\u003cspan\u003eAAA virtual server\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Memory overflow vulnerability\u00a0NetScaler ADC and NetScaler Gateway\u00a0leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a\u00a0Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T12:57:25.158Z",
            "orgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
            "shortName": "NetScaler"
          },
          "references": [
            {
              "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
        "assignerShortName": "NetScaler",
        "cveId": "CVE-2026-8452",
        "datePublished": "2026-06-30T12:41:07.622Z",
        "dateReserved": "2026-05-13T00:35:55.317Z",
        "dateUpdated": "2026-06-30T13:37:04.747Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8451 (GCVE-0-2026-8451)

    Vulnerability from cvelistv5 – Published: 2026-06-30 12:33 – Updated: 2026-06-30 13:43
    VLAI KEVIntel
    Title
    Insufficient input validation leading to memory overread
    Summary
    Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • awe-125
    • CWE-125 - Out-of-bounds Read
    Assigner
    Impacted products
    Vendor Product Version
    NetScaler ADC Affected: 14.1 , < 72.61 (patch)
    Affected: 13.1 , < 63.18 (patch)
    Affected: 14.1 FIPs , < 72.61 (patch)
    Affected: 13.1 FIPS and NDcPP , < 37.272 (patch)
    NetScaler Gateway Affected: 14.1 , < 72.61 (patch)
    Affected: 13.1 , < 63.18 (patch)
    Date Public
    2026-06-30 12:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8451",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T13:43:33.940474Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T13:43:41.903Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ADC",
              "vendor": "NetScaler",
              "versions": [
                {
                  "lessThan": "72.61",
                  "status": "affected",
                  "version": "14.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "63.18",
                  "status": "affected",
                  "version": "13.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "72.61",
                  "status": "affected",
                  "version": "14.1 FIPs",
                  "versionType": "patch"
                },
                {
                  "lessThan": "37.272",
                  "status": "affected",
                  "version": "13.1 FIPS and NDcPP",
                  "versionType": "patch"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Gateway",
              "vendor": "NetScaler",
              "versions": [
                {
                  "lessThan": "72.61",
                  "status": "affected",
                  "version": "14.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "63.18",
                  "status": "affected",
                  "version": "13.1",
                  "versionType": "patch"
                }
              ]
            }
          ],
          "datePublic": "2026-06-30T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eInsufficient input validation in\u0026nbsp;\u003c/span\u003e\u003cspan\u003eNetScaler ADC and NetScaler Gateway\u003c/span\u003e\u003cspan\u003e\u0026nbsp;leading to memory overread if\u0026nbsp;\u003c/span\u003e\u003cspan\u003eNetScaler ADC or NetScaler Gateway is configured as a SAML IDP\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Insufficient input validation in\u00a0NetScaler ADC and NetScaler Gateway\u00a0leading to memory overread if\u00a0NetScaler ADC or NetScaler Gateway is configured as a SAML IDP"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "awe-125",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T12:55:53.680Z",
            "orgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
            "shortName": "NetScaler"
          },
          "references": [
            {
              "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient input validation leading to memory overread",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
        "assignerShortName": "NetScaler",
        "cveId": "CVE-2026-8451",
        "datePublished": "2026-06-30T12:33:08.999Z",
        "dateReserved": "2026-05-13T00:35:53.452Z",
        "dateUpdated": "2026-06-30T13:43:41.903Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3055 (GCVE-0-2026-3055)

    Vulnerability from cvelistv5 – Published: 2026-03-23 20:21 – Updated: 2026-03-31 03:55
    Title
    Insufficient input validation leading to memory overread
    Summary
    Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-125 - Out-of-bounds Read
    Assigner
    Impacted products
    Vendor Product Version
    NetScaler ADC Affected: 14.1 , < 66.59 (patch)
    Affected: 13.1 , < 62.23 (patch)
    Affected: 13.1 FIPS and NDcPP , < 37.262 (patch)
    NetScaler Gateway Affected: 14.1 , < 66.59 (patch)
    Affected: 13.1 , < 62.23 (patch)
    Date Public
    2026-03-23 19:20

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3055",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-23T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-03-30",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3055"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T03:55:32.569Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory"
                ],
                "url": "https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3055"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-30T00:00:00.000Z",
                "value": "CVE-2026-3055 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ADC",
              "vendor": "NetScaler",
              "versions": [
                {
                  "lessThan": "66.59",
                  "status": "affected",
                  "version": "14.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "62.23",
                  "status": "affected",
                  "version": "13.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "37.262",
                  "status": "affected",
                  "version": "13.1 FIPS and NDcPP",
                  "versionType": "patch"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Gateway",
              "vendor": "NetScaler",
              "versions": [
                {
                  "lessThan": "66.59",
                  "status": "affected",
                  "version": "14.1",
                  "versionType": "patch"
                },
                {
                  "lessThan": "62.23",
                  "status": "affected",
                  "version": "13.1",
                  "versionType": "patch"
                }
              ]
            }
          ],
          "datePublic": "2026-03-23T19:20:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient input validation in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler ADC and NetScaler Gateway when\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;configured as a SAML IDP\u0026nbsp;\u003c/span\u003eleading to\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;memory overread\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Insufficient input validation in\u00a0NetScaler ADC and NetScaler Gateway when\u00a0configured as a SAML IDP\u00a0leading to\u00a0memory overread"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-23T20:21:27.107Z",
            "orgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
            "shortName": "NetScaler"
          },
          "references": [
            {
              "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient input validation leading to memory overread",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
        "assignerShortName": "NetScaler",
        "cveId": "CVE-2026-3055",
        "datePublished": "2026-03-23T20:21:27.107Z",
        "dateReserved": "2026-02-23T18:00:08.900Z",
        "dateUpdated": "2026-03-31T03:55:32.569Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4368 (GCVE-0-2026-4368)

    Vulnerability from cvelistv5 – Published: 2026-03-23 20:09 – Updated: 2026-05-10 13:00
    VLAI KEVIntel
    Title
    Race Condition leading to User Session Mixup
    Summary
    Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    Impacted products
    Vendor Product Version
    NetScaler ADC Affected: 14.1.66.54 (patch)
    NetScaler Gateway Affected: 14.1.66.54
    Date Public
    2026-03-23 20:02

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4368",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T03:56:06.911644Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-362",
                    "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-10T13:00:44.656Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ADC",
              "vendor": "NetScaler",
              "versions": [
                {
                  "status": "affected",
                  "version": "14.1.66.54",
                  "versionType": "patch"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Gateway",
              "vendor": "NetScaler",
              "versions": [
                {
                  "status": "affected",
                  "version": "14.1.66.54"
                }
              ]
            }
          ],
          "datePublic": "2026-03-23T20:02:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eRace Condition in\u0026nbsp;\u003c/span\u003e\u003cspan\u003eNetScaler ADC and NetScaler Gateway when a\u003c/span\u003e\u003cspan\u003eppliance is configured as\u0026nbsp;\u003c/span\u003e\u003cspan\u003eGateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or\u003c/span\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003cspan\u003eAAA virtual server\u003c/span\u003e\u003cspan\u003e\u0026nbsp;leading to User Session Mixup\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Race Condition in\u00a0NetScaler ADC and NetScaler Gateway when appliance is configured as\u00a0Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or\u00a0AAA virtual server\u00a0leading to User Session Mixup"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-23T20:09:44.971Z",
            "orgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
            "shortName": "NetScaler"
          },
          "references": [
            {
              "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Race Condition leading to User Session Mixup",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
        "assignerShortName": "NetScaler",
        "cveId": "CVE-2026-4368",
        "datePublished": "2026-03-23T20:09:44.971Z",
        "dateReserved": "2026-03-18T05:23:50.518Z",
        "dateUpdated": "2026-05-10T13:00:44.656Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }