CVE-2026-10817 – NetScaler ADC and Gateway
“A secure gateway depends on every exposed service handling untrusted traffic safely.”
This update addresses six vulnerabilities affecting NetScaler ADC and NetScaler Gateway. CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, and CVE-2026-13474 are High severity vulnerabilities with CVSS scores of 8.8, 8.8, 8.8, 7.1, and 8.7, respectively. CVE-2026-10817 has a CVSS score of 6.9, which is Medium severity.
The vulnerabilities include insufficient input validation, memory overread, memory overflow, arbitrary file read, and denial-of-service conditions. Depending on the deployment, affected systems configured as SAML Identity Providers, SSL VPN or AAA gateways, Oracle load balancers, DNS proxy or recursive resolvers, HTTP/2-enabled virtual servers, or management interfaces with enabled access may be vulnerable. The update strengthens input validation, memory handling, file access controls, and protocol processing to prevent unauthorized access, service disruption, and information disclosure. Attacks against the CVE-2026-8451 vulnerability have been reported.
Key Details
- Affected Product
- Citrix Netscaler Application Delivery Controller
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-125