CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Citrix security advisory (AV26-645) – Update 1

criticalpublic exploitCVE-2026-8451CVE-2026-8452CVE-2026-8655CVE-2026-10816CVE-2026-10817CVE-2026-13474
Serial number: AV26-645 Date: June 30, 2026 Updated: July 2, 2026 On June 30, 2026, Citrix published a security advisory to address critical vulnerabilities in the following products: NetScaler ADC and NetScaler Gateway - versions 14.1 before 14.1-72.61 NetScaler ADC and NetScaler Gateway - versions 13.1 before 13.1-63.18 NetScaler ADC FIPS – versions before 14.1-72.61 FIPS NetScaler ADC FIPS and NDcPP – versions before 13.1-37.272 Update 1 Open-source reporting indicates that CVE-2026-8451 is being exploited. The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, CVE-2026-10817, and CVE-2026-13474 Citrix Security Advisories

CSIRTS triage

What
Critical vulnerabilities related to insufficient input validation and memory management have been identified.
Who is affected
Users of NetScaler ADC and NetScaler Gateway running affected versions.
Urgency
Remediation is critical as one of the vulnerabilities is reportedly being exploited.
Action
Review the security bulletin and apply updates immediately.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch NetScaler ADC and NetScaler Gateway

Get an email when a new NetScaler ADC and NetScaler Gateway advisory drops — max one per day, one-click unsubscribe.

Details

Source
Canadian Centre for Cyber Security (CA · national-cert · site)
Severity
critical
Published
2026-06-30
Exploitation
Not in CISA KEV at last sync

Original advisory: https://cyber.gc.ca/en/alerts-advisories/citrix-security-advisory-av26-645

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-8451coverage & exploitation statusNVD · CVE.org
CVE-2026-8452coverage & exploitation statusNVD · CVE.org
CVE-2026-8655coverage & exploitation statusNVD · CVE.org
CVE-2026-10816coverage & exploitation statusNVD · CVE.org
CVE-2026-10817coverage & exploitation statusNVD · CVE.org
CVE-2026-13474coverage & exploitation statusNVD · CVE.org

Same CVEs, other sources

How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.

More from Canadian Centre for Cyber Security