CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

AL26-016 - Vulnerability impacting Citrix NetScaler CVE-2026-8451

unknownpublic exploitCVE-2026-8451CVE-2026-8452CVE-2026-8655CVE-2026-10816CVE-2026-10817CVE-2026-13474
Number: AL26-016 Date: July 2, 2026 Audience This Alert is intended for IT professionals and managers. Purpose An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested. Details The Cyber Centre is aware of a vulnerability impacting NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS (Federal Information Processing Standards) Footnote 1 Footnote 2 . In response to the vendor advisory released on June 30, 2026, the Cyber Centre released AV26-645 on June 30, 2026 Footnote 3 . Tracked as CVE-2026-8451 Footnote 4 , this vulnerability is an insufficient input validation (CWE-125) Footnote 5 vulnerability affecting many NetScaler ADC and NetScaler Gateway versions. If exploited, this vulnerability can lead to memory overread, if NetScaler ADC or NetScaler Gateway is configured as a Security Assertion Markup Language (SAML) Identity Provider (idP). The vulnerability only impacts customer-managed NetScaler ADC and NetScaler Gateway. The cloud services managed by Citrix have been upgraded with the necessary software updates related to this vulnerability. Suggested actions The Cyber Centre recommends that organizations using Citrix NetScaler ADC, NetScaler Gateway, NetScaler ADC FIPS and NFcPP Footnote 1 appliances update or upgrade the affected systems to the following versions: Affected Product Affected Versions Fixed Versions NetScaler ADC and NetScaler Gateway 14.1 14.1 before 14.1-72.61 14.1-72.61 NetScaler ADC and NetScaler Gateway 13.1 13.1 before 13.1-63.18 13.1-63.18 NetScaler ADC FIPS versions prior to 14.1-72.61 FIPS 14.1-72.61 NetScaler ADC FIPS and NDcPP versions prior to 13.1-37.272 13.1-37.272 The Cyber Centre reco

CSIRTS triage

What
A vulnerability impacting NetScaler ADC and Gateway has been identified.
Who is affected
IT professionals and managers using Citrix NetScaler products.
Urgency
The urgency is unknown, but the vulnerability may impact cyber information assets.
Action
Review the vendor advisory and apply any necessary mitigations.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch NetScaler

Get an email when a new NetScaler advisory drops — max one per day, one-click unsubscribe.

Details

Source
Canadian Centre for Cyber Security (CA · national-cert · site)
Severity
unknown
Published
2026-07-02
Exploitation
Not in CISA KEV at last sync

Original advisory: https://cyber.gc.ca/en/alerts-advisories/al26-016-vulnerability-impacting-citrix-netscaler-cve-2026-8451

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-8451coverage & exploitation statusNVD · CVE.org
CVE-2026-8452coverage & exploitation statusNVD · CVE.org
CVE-2026-8655coverage & exploitation statusNVD · CVE.org
CVE-2026-10816coverage & exploitation statusNVD · CVE.org
CVE-2026-10817coverage & exploitation statusNVD · CVE.org
CVE-2026-13474coverage & exploitation statusNVD · CVE.org

Same CVEs, other sources

How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.

More from Canadian Centre for Cyber Security