Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service
ID: 35448e98-e325-5726-81ed-8ae3e050df41
STIX ID: report--35448e98-e325-5726-81ed-8ae3e050df41
Feed Name: The Hacker News
Citrix released security updates addressing multiple high-severity vulnerabilities in NetScaler ADC and NetScaler Gateway (including CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, CVE-2026-10817, and CVE-2026-13474) that can cause unauthenticated arbitrary file reads or denial-of-service via memory overreads/overflows and malformed HTTP/2 requests; patches and a recommended HTTP/2 configuration change (set ns httpProfile <profile_name> -http2SmallWndTimeout 30) are provided for affected builds, and Citrix credits external researchers for reporting while noting no evidence of in-the-wild exploitation.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
