CVE Tools
Back to feed
The Hacker News ·EN News source Patch releasedNetScaler ADCNetScaler Gateway

Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service

By The Hacker News··3 min read
CVE Tools coverage

Citrix has released security updates for NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) to remediate six vulnerabilities that could let an attacker perform arbitrary file reads or cause denial-of-service conditions. Affected CVEs include CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, CVE-2026-10817, and CVE-2026-13474, impacting scenarios such as SAML parsing, gateway/AAA configurations, load balancing/DNS proxy deployments, and HTTP/2 handling. Fixes are available in specified 13.1 and 14.1 NetScaler releases, with additional configuration guidance required for CVE-2026-13474 via the Http2SmallWndTimeout setting when HTTP Strict Profiles are not used.