NCSC-2026-0216 [1.00] [M/H] Vulnerabilities fixed in Citrix Netscaler ADC and Netscaler Gateway
Citrix has fixed vulnerabilities in NetScaler ADC and NetScaler Gateway related to insufficient input validation, improper access control, and incorrect memory release. The vulnerabilities with CVE-2026-8451 and CVE-2026-10817 arise from insufficient input validation, where the software does not correctly check input sizes and limits. This can lead to memory overreads, potentially resulting in unauthorized disclosure of sensitive information when the products are configured as SAML IDP, or when TCP TimeStamp is enabled on a TCP profile linked to a virtual server of type: Load Balancing (LB), Content Switching (CS), or VPN. The vulnerabilities with CVE-2026-8452 and CVE-2026-8655 are in the way memory is managed in NetScaler ADC and NetScaler Gateway. This can lead to a denial-of-service (DoS) or unwanted control flow when the products are configured as Gateway, DNS proxy, recursive DNS resolver, or AAA virtual server. The vulnerability with CVE-2026-13474 arises from incorrect memory release. Malicious actors can exploit this vulnerability to cause a denial-of-service (DoS) via specially crafted HTTP/2 requests. The vulnerability with CVE-2026-10816 concerns an access control issue within the Management Interface. Unauthenticated malicious actors can exploit this vulnerability to read arbitrary files, potentially resulting in unauthorized disclosure of sensitive information. Researchers have shared Proof-of-Concept (PoC) code demonstrating the vulnerability with CVE-2026-8451.
CSIRTS triage
- What
- Insufficient input validation and improper memory management can lead to unauthorized information disclosure and denial-of-service.
- Who is affected
- Users of NetScaler ADC and NetScaler Gateway configured as SAML IDP or with TCP TimeStamp enabled.
- Urgency
- Remediation is urgent due to the potential for exploitation and critical nature of the vulnerabilities.
- Action
- Apply the necessary updates as specified in the advisory.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch NetScaler ADC and NetScaler Gateway
Get an email when a new NetScaler ADC and NetScaler Gateway advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://advisories.ncsc.nl/advisory?id=NCSC-2026-0216
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-84510.50% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 39% of all scored CVEs.
- Low exploitation riskCVE-2026-108170.41% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 33% of all scored CVEs.
- Low exploitation riskCVE-2026-84520.49% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 38% of all scored CVEs.
- Low exploitation riskCVE-2026-86550.46% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
- Low exploitation riskCVE-2026-134740.44% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 35% of all scored CVEs.
- Low exploitation riskCVE-2026-108160.41% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 33% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-8451 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-10817 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-8452 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-8655 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-13474 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-10816 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- unknownCitrix Products Multiple Vulnerabilitieshkcert
- unknownAL26-016 - Vulnerability impacting Citrix NetScaler CVE-2026-8451cccs
- high[UPDATE] [high] Citrix Systems NetScaler ADC and Gateway: Multiple vulnerabilitiescert-bund
- unknownMultiple vulnerabilities in Citrix products (July 1, 2026)cert-fr-avis
- criticalCitrix security advisory (AV26-645) – Update 1cccs
- criticalCVE-2026-8655: Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpr…nvd
- criticalCVE-2026-8452: Memory overflow vulnerability NetScaler ADC and NetScaler Gateway leading to unpredictable or e…nvd
- highCVE-2026-8451: Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread…nvd
- highCVE-2026-13474: Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP…nvd
- highCVE-2026-10817: Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gatewa…nvd
- highCVE-2026-10816: Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to …nvd
Recent advisories for Citrix Netscaler ADC
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- high[UPDATE] [high] Citrix Systems NetScaler ADC and Gateway: Multiple vulnerabilitiescert-bund · 2026-07-02
- unknown2026-003: Multiple Vulnerabilities in Citrix NetScaler and Citrix ADCcert-eu · 2026-03-23
- unknownexploitedVulnerability in Citrix NetScaler ADC and NetScaler Gateway (August 26, 2025)cert-fr-alerte · 2025-08-26
- criticalexploitedCVE-2025-5777: Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerabilitycisa-kev · 2025-07-10
- unknownMultiple vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway (July 1, 2025)cert-fr-alerte · 2025-07-01
- criticalexploitedCVE-2025-6543: Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerabilitycisa-kev · 2025-06-30
More from NCSC-NL Advisories
- unknownNCSC-2026-0223 [1.00] [M/H] Vulnerabilities fixed in BeyondTrust Remote Support and Privileged Remote Access2026-07-10
- unknownNCSC-2026-0222 [1.00] [M/H] Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition2026-07-10
- unknownNCSC-2026-0221 [1.00] [M/H] Vulnerabilities fixed in UniFi products from Ubiquiti Networks2026-07-07
- unknownNCSC-2026-0220 [1.00] [M/H] Vulnerabilities fixed in Rancher by Rancher Labs2026-07-03
- unknownNCSC-2026-0219 [1.00] [M/H] Vulnerabilities fixed in GitHub Enterprise Server2026-07-03