The Hacker News ·EN News source Patch releasedNetScaler ADCNetScaler Gateway
Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service
CVE Tools coverage
Citrix has released security updates for NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) to remediate six vulnerabilities that could let an attacker perform arbitrary file reads or cause denial-of-service conditions. Affected CVEs include CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, CVE-2026-10817, and CVE-2026-13474, impacting scenarios such as SAML parsing, gateway/AAA configurations, load balancing/DNS proxy deployments, and HTTP/2 handling. Fixes are available in specified 13.1 and 14.1 NetScaler releases, with additional configuration guidance required for CVE-2026-13474 via the Http2SmallWndTimeout setting when HTTP Strict Profiles are not used.