Citrix has released security updates to fix six vulnerabilities affecting NetScaler ADC and NetScaler Gateway appliances. According to the company, these flaws could allow attackers to read sensitive files without authentication or cause affected systems to stop responding through denial-of-service (DoS) attacks. The vulnerabilities impact several NetScaler deployments depending on how they are configured. Citrix has strongly advised customers to install the latest updates as soon as possible to reduce security risks.

The most serious issue is tracked as CVE-2026-10816 with a CVSS score of 7.7. It is an arbitrary file-read vulnerability that allows an unauthenticated attacker to read files if management access is enabled on the NetScaler IP (NSIP), the Cluster Management IP, or a subnet IP (SNIP). Successful exploitation therefore depends on a management interface being reachable by the attacker. Organizations that enable management access on these addresses are encouraged to review their deployments immediately.
Citrix also fixed CVE-2026-8655, which carries a CVSS score of 8.8. This entry covers multiple memory overflow issues that can lead to denial of service when NetScaler is configured as an Oracle load balancer, a DNS proxy, or a DNS recursive resolver. If exploited, the affected appliance may behave unpredictably or become unavailable. Systems using any of these features should be updated without delay.

Another high-severity flaw, CVE-2026-8452, also has a CVSS score of 8.8. It affects NetScaler Gateway and AAA virtual server deployments, including SSL VPN, ICA Proxy, CVPN, and RDP Proxy configurations. The vulnerability is caused by a memory overflow that could trigger a denial-of-service condition. Administrators using these services are advised to apply the security patches immediately.
Citrix has also addressed CVE-2026-8451, an insufficient input validation flaw with a CVSS score of 8.8. This issue affects NetScaler devices configured as a SAML Identity Provider and can result in a memory overread. While the flaw does not by itself lead to code execution, an attacker may be able to access information stored in memory under specific conditions. Applying the patch is the recommended protection against this risk.

The remaining vulnerabilities are CVE-2026-13474 and CVE-2026-14306, both carrying a CVSS score of 6.9. One of these flaws allows specially crafted HTTP/2 requests to trigger a denial-of-service condition when HTTP/2 is enabled in certain virtual server configurations. The other can also cause service disruption under specific deployment conditions. Although rated lower, Citrix recommends fixing them along with the higher-severity issues.
Citrix has confirmed that there is currently no evidence showing these six newly disclosed vulnerabilities have been exploited in real-world attacks. Even so, security experts recommend patching immediately because NetScaler appliances are widely used in enterprise environments and have been targeted by attackers in previous campaigns. Delaying updates could increase the risk if public exploit code becomes available. Timely patching remains the best defense.

Organizations should identify vulnerable NetScaler ADC and NetScaler Gateway systems, install the latest security updates, and verify that unnecessary management access is disabled wherever possible. Reviewing exposed services and limiting administrative interfaces can further reduce the attack surface. Applying Citrix’s recommended fixes will help protect business networks from file disclosure and denial-of-service attacks while maintaining the security and availability of critical infrastructure.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news