Citrix has disclosed multiple high-severity vulnerabilities in its NetScaler ADC and NetScaler Gateway products that can be exploited to trigger memory overflows and, through them, denial of service (DoS). The flaws, tracked as CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, CVE-2026-10817, and CVE-2026-13474, were detailed in a security bulletin released on June 30, 2026.
The affected versions are NetScaler ADC and NetScaler Gateway 14.1 before 14.1-72.61 and 13.1 before 13.1-63.18, together with NetScaler ADC FIPS builds before 14.1-72.61 FIPS and 13.1-37.272 FIPS. Note that the FIPS 13.1 line is fixed on a different build train (37.x) from the standard 13.1 line (63.x), so the two must be checked separately. Organizations running Secure Private Access Hybrid deployments with NetScaler instances are also affected and should prioritize the upgrade.
Details of the Vulnerabilities
According to the bulletin, the vulnerabilities stem from improper memory handling and insufficient input validation in the affected builds. An attacker who sends specially crafted requests to a vulnerable endpoint can induce memory-overflow conditions that crash the service or exhaust its resources. No authentication is needed, so any host that can reach the exposed service can attempt this.
Given the role of NetScaler ADC and Gateway devices as load balancers, VPN gateways, and application delivery controllers, a successful DoS attack could result in widespread service outages, impacting enterprise applications, remote access infrastructure, and customer-facing services.
Recommended Actions
Citrix has released patched builds. Customer-managed deployments should upgrade to NetScaler ADC and Gateway 14.1-72.61 or later, or 13.1-63.18 or later; FIPS and NDcPP builds should move to the corresponding fixed versions. These builds correct the underlying memory-handling defects and remove the attack surface the crafted requests rely on.
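The first thing a practitioner wants after reading the two version paragraphs above is a quick, mechanical way to tell which appliances are below the fixed build. The following is an added example, not code from Citrix or from the bulletin: it encodes the fixed builds quoted in this article, parses NetScaler-style "release-build" strings, and triages a constructed inventory. The parser for `show ns version` output assumes the first line has the shape `NetScaler NS14.1: Build 72.61.nc, Date: ...`; the hostnames and builds in `INVENTORY` are made up for the example.

```python
import re

# Minimum fixed builds quoted in the article, keyed by (release line, FIPS?).
# The FIPS 13.1 line is fixed on the 37.x train, so it needs its own entry.
FIXED_BUILDS = {
    ("14.1", False): (72, 61),
    ("13.1", False): (63, 18),
    ("14.1", True): (72, 61),
    ("13.1", True): (37, 272),
}

# "release-build" strings such as "14.1-72.61" or "13.1-37.272".
_VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+(?:\.\d+)+)$")
# Assumed shape of the first line of `show ns version`, e.g.
# "NetScaler NS14.1: Build 72.61.nc, Date: ..."; adjust if your build differs.
_SHOW_VERSION_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+(?:\.\d+)+)\.nc")


def parse_version(text):
    """Split '14.1-72.61' into ('14.1', (72, 61)).

    Build numbers compare as integer tuples, so 37.38 < 37.272 even though
    a naive string or float comparison would get that wrong.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {text!r}")
    return m.group(1), tuple(int(p) for p in m.group(2).split("."))


def version_from_show_ns_version(output):
    """Turn `show ns version` output into the 'release-build' form."""
    m = _SHOW_VERSION_RE.search(output)
    if not m:
        raise ValueError("could not find 'NSx.y: Build a.b.nc' in output")
    return f"{m.group(1)}-{m.group(2)}"


def is_vulnerable(version, fips=False):
    """True if below the fixed build for its line, False if at or above it,
    None if the release line is not one the bulletin covers."""
    release, build = parse_version(version)
    fixed = FIXED_BUILDS.get((release, fips))
    if fixed is None:
        return None
    return build < fixed


# Constructed inventory (hostnames and builds are made up for the example).
INVENTORY = [
    ("gw-edge-01", "14.1-72.61", False),
    ("gw-edge-02", "14.1-47.46", False),
    ("adc-core-01", "13.1-63.18", False),
    ("adc-fips-01", "13.1-37.38", True),
    ("adc-legacy-01", "12.1-65.21", False),
]


def triage(inventory):
    """Return (hosts that must be upgraded, hosts whose line is not covered)."""
    upgrade, unknown = [], []
    for host, version, fips in inventory:
        status = is_vulnerable(version, fips)
        if status is None:
            unknown.append(host)
        elif status:
            upgrade.append(host)
    return upgrade, unknown


if __name__ == "__main__":
    needs_upgrade, not_covered = triage(INVENTORY)
    print("upgrade:", needs_upgrade)
    print("not covered by bulletin:", not_covered)
```

Two details matter in practice. Builds are compared as integer tuples, because the FIPS threshold 13.1-37.272 would sort below 13.1-37.38 under a string or floating-point comparison and a vulnerable appliance would look patched. And a release line the bulletin does not name (12.1 in the sample inventory) is reported as "not covered" rather than "safe", since the article says nothing about it either way.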
It’s important to note that Security Bulletin CTX696604 applies only to customer-managed NetScaler deployments. Citrix-managed cloud services and Adaptive Authentication platforms have already been updated by Cloud Software Group. Organizations managing their own infrastructure must take immediate action to secure their environments.
As a best practice, security teams should watch device logs for unusual traffic patterns, unexpected service crashes or process restarts, and repeated connection attempts from the same source, any of which may indicate exploitation attempts. Network segmentation and rate limiting reduce exposure to volumetric DoS, but they do not stop a crash that a single crafted request can trigger; only the patched build removes that.
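To make the monitoring advice concrete, here is an added example (not code from the article, Citrix, or the bulletin) of the detection logic run over a constructed sample log. The log format is invented for the example and is not NetScaler's real syslog output; the source addresses, paths, process name and the threshold of five requests in ten seconds are all assumptions to be replaced with the device's actual export and a rate tuned to the service. The example tracks request bursts per source with a sliding window, collects crash and restart events separately, and then pairs the two, because a burst followed shortly by a crash is the pattern worth escalating.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample log for the example (not real NetScaler syslog output):
# one "src=... req=..." line per request and an "event=..." line when a
# process goes down. 203.0.113.7 fires six requests in five seconds and the
# packet-handling process restarts right afterwards.
SAMPLE_LOG = """\
2026-07-01T10:00:00Z src=198.51.100.20 req="GET /vpn/index.html" status=200
2026-07-01T10:00:01Z src=203.0.113.7 req="POST /cgi/login" status=400
2026-07-01T10:00:01Z src=203.0.113.7 req="POST /cgi/login" status=400
2026-07-01T10:00:02Z src=203.0.113.7 req="POST /cgi/login" status=400
2026-07-01T10:00:03Z src=198.51.100.21 req="GET /logon/LogonPoint/index.html" status=200
2026-07-01T10:00:03Z src=203.0.113.7 req="POST /cgi/login" status=400
2026-07-01T10:00:04Z src=203.0.113.7 req="POST /cgi/login" status=400
2026-07-01T10:00:05Z src=203.0.113.7 req="POST /cgi/login" status=400
2026-07-01T10:00:06Z event=process_restart proc=packet-engine reason=crash
2026-07-01T10:00:20Z src=198.51.100.20 req="GET /vpn/index.html" status=200
"""

_KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Parse 'TIMESTAMP key=value ...' into a dict; None for lines that don't fit."""
    ts_text, _, rest = line.strip().partition(" ")
    try:
        ts = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    rec = {k: v.strip('"') for k, v in _KV_RE.findall(rest)}
    rec["ts"] = ts
    return rec


def analyze(log_text, threshold=5, window_s=10):
    """Flag sources that send >= threshold requests inside window_s seconds,
    and collect crash/restart events, in a single pass over the log."""
    recent = defaultdict(deque)   # src -> timestamps inside the sliding window
    flagged = set()
    bursts, crashes = [], []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if "event" in rec:
            crashes.append({"ts": rec["ts"], "proc": rec.get("proc"), "reason": rec.get("reason")})
            continue
        src = rec.get("src")
        if not src:
            continue
        q = recent[src]
        q.append(rec["ts"])
        # Drop timestamps that have aged out of the window (q is never empty here).
        while (rec["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged.add(src)
            bursts.append({"src": src, "count": len(q), "flagged_at": rec["ts"]})
    return {"bursts": bursts, "crashes": crashes}


def correlate(result, lag_s=30):
    """Pair each crash with bursts flagged up to lag_s seconds before it."""
    pairs = []
    for crash in result["crashes"]:
        for burst in result["bursts"]:
            delta = (crash["ts"] - burst["flagged_at"]).total_seconds()
            if 0 <= delta <= lag_s:
                pairs.append((burst["src"], crash["ts"]))
    return pairs


if __name__ == "__main__":
    findings = analyze(SAMPLE_LOG)
    for burst in findings["bursts"]:
        print(f"burst: {burst['src']} sent {burst['count']} requests by {burst['flagged_at']:%H:%M:%S}")
    for src, ts in correlate(findings):
        print(f"escalate: crash at {ts:%H:%M:%S} within 30s of burst from {src}")
```

The crash events are collected independently of the burst counter on purpose: a single crafted request that takes a process down never produces a burst, so a detector that only rate-counts would miss exactly the case this bulletin describes. Treat the thresholds as starting points and calibrate them against the device's normal login and health-check traffic before alerting on them.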
Given the central role NetScaler devices play in enterprise networks, timely patching and proactive monitoring are the practical defence: verify the running build on every customer-managed instance, upgrade those below the fixed builds, and keep watching for the crash and traffic patterns described above.