Description:
Citrix has released a security advisory to address multiple vulnerabilities in Citrix products or components. An attacker could exploit these vulnerabilities by sending specially crafted requests to an affected system.
Affected Systems:
- Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 14.1 prior to version 14.1-72.61
- Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 13.1 prior to version 13.1-63.18
- Citrix NetScaler Application Delivery Controller (ADC) FIPS prior to version 14.1-72.61 FIPS
- Citrix NetScaler Application Delivery Controller (ADC) FIPS and NDcPP prior to version 13.1-37.272
For detailed information of the affected systems, please refer to the corresponding security advisories at vendor's website.
Impact:
Successful exploitation of the vulnerabilities could lead to denial of service or information disclosure on an affected system.
Recommendation:
Patches for affected systems are now available. Administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.
More Information:
- https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8451 (to CVE-2026-8452)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8655
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10816 (to CVE-2026-10817)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-13474