Citrix Fixes Six NetScaler Vulnerabilities Affecting File Access And Denial Of Service

Citrix has released security updates to address six vulnerabilities affecting NetScaler ADC and NetScaler Gateway that could allow attackers to read arbitrary files or trigger denial of service conditions under specific configurations. The vulnerabilities impact several deployment scenarios, including systems configured as SAML Identity Providers, Gateway services, AAA virtual servers, Oracle load balancing deployments, DNS Proxy environments, recursive DNS resolver deployments, and appliances using HTTP/2 or the TCP TimeStamp feature. According to Citrix, there is currently no evidence that any of the identified vulnerabilities have been exploited in active attacks. However, organizations using affected NetScaler deployments are advised to apply the latest software updates and review the configuration recommendations to reduce potential security risks.

Among the disclosed issues, CVE-2026-8451 carries a CVSS score of 8.8 and results from insufficient input validation that can trigger a memory overread when NetScaler ADC or NetScaler Gateway is configured as a SAML Identity Provider. Another vulnerability, CVE-2026-8452, also rated 8.8, is caused by a memory overflow that may result in unpredictable behavior or denial of service when the appliance operates as a Gateway or AAA virtual server. CVE-2026-8655, with a CVSS score of 8.8, covers multiple memory overflow vulnerabilities affecting NetScaler ADC configured as an Oracle load balancer, DNS Proxy, or recursive DNS resolver, potentially causing service disruption. Citrix also addressed CVE-2026-10816, which received a CVSS score of 7.7 and could permit unauthenticated arbitrary file reads when management access is enabled on the NSIP, Cluster Management IP, or a SNIP. The remaining vulnerabilities are CVE-2026-10817, rated 6.9, a memory overread when TCP TimeStamp is enabled in a TCP profile bound to a supported virtual server or service, and CVE-2026-13474, rated 8.7, which may allow denial of service through specially crafted HTTP/2 requests because of improper memory management when HTTP/2 is enabled in an HTTP profile.

Citrix has made fixes available in NetScaler ADC and NetScaler Gateway 14.1-72.61 and later and 13.1-63.18 and later, in NetScaler ADC 14.1 FIPS 14.1-72.61 and later, and in NetScaler ADC 13.1 FIPS and 13.1 NDcPP 13.1-37.272 and later. For CVE-2026-13474, installing the update is not by itself sufficient on every appliance: customers are advised to review the Http2SmallWndTimeout parameter, which sets the timeout for stalled HTTP/2 streams with small flow-control windows. According to Citrix, HTTP Strict Profiles already default this value to 30 seconds, so the fix takes effect as soon as the update is installed. Profiles that are not strict keep a default of 0 seconds, which leaves the protection inactive, so after upgrading administrators must set Http2SmallWndTimeout to 30 seconds on every HTTP profile that has HTTP/2 enabled to be fully protected.
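The version floors and the Http2SmallWndTimeout caveat above are worth checking across a fleet from exported `show ns version` banners and ns.conf files rather than by hand. The following Python is an added example, not Citrix code and not taken from the advisory: it assumes the banner format "NetScaler NS14.1: Build 72.61.nc", the ns.conf spelling `-http2SmallWndTimeout`, and the built-in strict profile name `nshttp_default_strict_validation`, and the sample banner and configuration lines are constructed for the example.

```python
"""Post-patch audit for the NetScaler fixes summarised in the article.

Added example, not Citrix code. Assumptions:
  * `show ns version` banners look like "NetScaler NS14.1: Build 72.61.nc";
  * ns.conf spells the parameter -http2SmallWndTimeout and the built-in
    strict-validation profile is named nshttp_default_strict_validation.
All sample input below is constructed.
"""
import re

# Minimum fixed builds from the advisory summary, keyed by (release, fips).
# 14.1 FIPS shares the 14.1 fix; 13.1 FIPS/NDcPP has its own line (37.272).
FIXED_BUILDS = {
    ("14.1", False): (72, 61),
    ("14.1", True): (72, 61),
    ("13.1", False): (63, 18),
    ("13.1", True): (37, 272),
}

VERSION_RE = re.compile(r"NetScaler NS(\d+\.\d+): Build (\d+)\.(\d+)")
PROFILE_RE = re.compile(r"^(?:add|set) ns httpProfile (\S+)(.*)$")

# Assumed name of the built-in strict profile, which per the advisory already
# defaults Http2SmallWndTimeout to 30 seconds.
STRICT_PROFILES = {"nshttp_default_strict_validation"}
SAFE_TIMEOUT = 30


def parse_version(banner):
    """Return (release, (major, minor)) parsed from a version banner."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError("unrecognised version banner: %r" % banner)
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def is_fixed(banner, fips=False):
    """True if the build is at or above the fixed build for its release.

    Pass fips=True on FIPS/NDcPP appliances: a 13.1 FIPS box on build 37.272
    is fixed, while the same build number on non-FIPS 13.1 is below 63.18.
    Releases without a listed fixed build are reported as not fixed.
    """
    release, build = parse_version(banner)
    floor = FIXED_BUILDS.get((release, fips))
    return floor is not None and build >= floor


def audit_http2_profiles(ns_conf):
    """Flag HTTP profiles still exposed to CVE-2026-13474 after upgrading.

    Only profiles with HTTP/2 enabled are relevant. An explicit timeout of 0,
    or no timeout on a non-strict profile (default 0), is reported as weak.
    Returns a list of (profile, effective_timeout, status) tuples.
    """
    findings = []
    for line in ns_conf.splitlines():
        m = PROFILE_RE.match(line.strip())
        if not m:
            continue
        name, opts = m.group(1), m.group(2)
        if not re.search(r"-http2 ENABLED\b", opts):
            continue  # HTTP/2 off: the DoS path is not reachable
        tmo = re.search(r"-http2SmallWndTimeout (\d+)", opts)
        if tmo:
            timeout = int(tmo.group(1))
        else:
            timeout = SAFE_TIMEOUT if name in STRICT_PROFILES else 0
        findings.append((name, timeout, "ok" if timeout > 0 else "weak"))
    return findings


def remediation_commands(findings):
    """CLI lines (assumed syntax) applying the advised 30-second timeout."""
    return ["set ns httpProfile %s -http2SmallWndTimeout %d" % (name, SAFE_TIMEOUT)
            for name, _, status in findings if status == "weak"]


# Constructed sample input.
SAMPLE_BANNER = "NetScaler NS14.1: Build 72.61.nc"
SAMPLE_NS_CONF = """
add ns httpProfile api_h2 -http2 ENABLED -http2SmallWndTimeout 0
add ns httpProfile portal_h2 -http2 ENABLED -http2SmallWndTimeout 30
add ns httpProfile legacy_h1 -http2 DISABLED
add ns httpProfile lb_h2 -http2 ENABLED
set ns httpProfile nshttp_default_strict_validation -http2 ENABLED
"""

if __name__ == "__main__":
    print("build fixed:", is_fixed(SAMPLE_BANNER))
    findings = audit_http2_profiles(SAMPLE_NS_CONF)
    for f in findings:
        print(f)
    print("\n".join(remediation_commands(findings)))
```

Run against a real export, a build at or above the floor combined with an empty remediation list is the condition the advisory describes as fully protected; a fixed build with weak profiles still listed is the gap the Http2SmallWndTimeout note warns about.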

The vulnerabilities were reported by Michael Tucker from the XOR team at JPMorgan Chase, Aliz Hammond of watchTowr, and security researcher Maxim Suhanov. In a technical analysis released alongside the Citrix security advisory, watchTowr Labs explained that CVE-2026-8451 was identified during efforts to reproduce CVE-2026-3055, another NetScaler input validation vulnerability disclosed earlier in 2026. Researchers found that both vulnerabilities share a similar underlying issue in the parsing of SAML authentication requests, which can lead to out-of-bounds memory reads when malformed requests are processed. While the researchers observed that the newly disclosed vulnerability leaks significantly less memory than the earlier issue because certain control characters terminate the read, they warned that the recurring appearance of memory management flaws raises broader concerns about the resilience of NetScaler appliances. The researchers also noted that configuration mistakes could increase exposure to memory disclosure issues. Citrix products have remained frequent targets for threat actors in recent years because vulnerabilities in these appliances have previously been abused to facilitate ransomware deployment and other network intrusions, making timely installation of security updates an important part of enterprise security maintenance.
