Security experts have identified several critical vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway, posing risks of denial-of-service (DoS) and memory overflow attacks. These vulnerabilities, categorized under CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, CVE-2026-10817, and CVE-2026-13474, were made public in a security advisory on June 30, 2026.
Impact on Citrix NetScaler Systems
Cloud Software Group has confirmed that these security issues affect several supported versions of NetScaler ADC and Gateway. Specifically, systems running NetScaler ADC and Gateway versions earlier than 14.1-72.61 and 13.1-63.18 are vulnerable. Additionally, NetScaler ADC FIPS versions before 14.1-72.61 FIPS and 13.1-37.272 are impacted.
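To turn the version thresholds above into an inventory check, the following added example (not code from the advisory or from Citrix) parses NetScaler build strings such as "14.1-72.61" or "NS14.1: Build 72.61.nc" and compares them branch by branch against the fixed builds listed in this article. It assumes the advisory's "13.1-37.272" is the fixed build for the 13.1 FIPS branch, and that builds within a branch are ordered by their (build, sub-build) numbers; branches the article does not mention are reported as unknown rather than fixed.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed builds per branch as stated in the advisory: (edition, (major, minor)) -> (build, sub-build).
# Assumption: "13.1-37.272" is the fixed build of the 13.1 FIPS branch.
FIXED_BUILDS = {
    ("standard", (14, 1)): (72, 61),
    ("standard", (13, 1)): (63, 18),
    ("fips", (14, 1)): (72, 61),
    ("fips", (13, 1)): (37, 272),
}

# Accepts "14.1-72.61", "NS14.1 72.61.nc" and "NS14.1: Build 72.61.nc" style strings.
_VERSION_RE = re.compile(
    r"^\s*(?:NS)?(\d+)\.(\d+)[-\s:]+(?:Build\s+)?(\d+)\.(\d+)", re.IGNORECASE
)


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Return (major, minor, build, sub_build) from a NetScaler version string."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {text!r}")
    major, minor, build, sub = (int(g) for g in m.groups())
    return major, minor, build, sub


def is_vulnerable(version: str, fips: bool = False) -> Optional[bool]:
    """True if the build predates the fix, False if fixed, None if the branch is not covered."""
    major, minor, build, sub = parse_version(version)
    fixed = FIXED_BUILDS.get(("fips" if fips else "standard", (major, minor)))
    if fixed is None:
        return None  # branch not listed in the advisory; verify manually
    return (build, sub) < fixed


def triage(inventory: Dict[str, Tuple[str, bool]]) -> Dict[str, str]:
    """Map each appliance name to 'vulnerable', 'fixed' or 'unknown' given (version, is_fips)."""
    labels = {True: "vulnerable", False: "fixed", None: "unknown"}
    return {host: labels[is_vulnerable(ver, fips)] for host, (ver, fips) in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory for demonstration only.
    sample = {
        "gw-edge-01": ("14.1-72.60", False),
        "gw-edge-02": ("NS14.1: Build 72.61.nc", False),
        "adc-core-01": ("13.1-63.17", False),
        "adc-fips-01": ("13.1-37.100", True),
        "adc-legacy-01": ("12.1-55.0", False),
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```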
Enterprises employing Secure Private Access Hybrid deployments through NetScaler instances are urged to update their systems promptly. The vulnerabilities arise from improper memory management and inadequate input validation, which attackers can exploit to cause memory overflow, potentially leading to serious service interruptions.
Potential Risks and Attack Scenarios
Unauthenticated attackers could exploit these weaknesses to disrupt essential network services by sending malicious requests to susceptible endpoints. Given their use in critical roles like load balancing and VPN gateway functions, NetScaler ADC and Gateway devices are attractive targets for malicious actors.
An effective denial-of-service attack on these systems can lead to extensive service disruptions, affecting enterprise applications, remote access infrastructure, and services accessed by customers. Although there is currently no evidence of these vulnerabilities being exploited, the high severity underscores the urgency of addressing them.
Mitigation Strategies and Recommendations
Citrix has released updates to resolve these vulnerabilities, and users are strongly encouraged to upgrade to NetScaler ADC and Gateway version 14.1-72.61 or later, or 13.1-63.18 or later. FIPS and NDcPP builds should likewise be updated to their corresponding fixed versions. These updates rectify the underlying memory-handling issues and mitigate the risk of exploitation.
Organizations managing their own NetScaler infrastructure should act swiftly to apply these security patches. As part of a comprehensive security strategy, monitoring network logs for anomalous activities, such as unexpected service crashes or repeated connection attempts, can help detect potential exploitation.
In addition, implementing network segmentation and rate limiting can further minimize the risk of successful DoS attacks. Given the critical function of NetScaler devices within enterprise networks, timely updates and proactive monitoring are crucial to preventing service disruptions and ensuring continuous operations.
