Memory Overread Vulnerability in NetScaler ADC and Gateway by Citrix
CVE-2026-10817

6.9 MEDIUM

Key Information:

Vendor: Netscaler

CVE Published: 30 June 2026

What is CVE-2026-10817?

A vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway due to insufficient input validation, particularly when TCP TimeStamp is enabled in the TCP Profile. This flaw can lead to a memory overread condition when associated with certain virtual server types such as Load Balancers (LB), Content Switching (CS), or VPN services. It is essential for users to review their configurations and ensure proper security measures are in place to mitigate potential risks.
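One way to carry out the configuration review described above, as an added example that is not code from Citrix or from this page: it reads a saved NetScaler configuration and lists the LB, CS and VPN virtual servers whose effective TCP profile has TimeStamp enabled. It assumes the usual `add`/`set ns tcpProfile ... -TimeStamp` and `-tcpProfileName` syntax, that a virtual server with no bound profile uses `nstcp_default_profile`, and that a profile with no explicit `-TimeStamp` setting has it disabled; the sample configuration is constructed.

```python
import shlex

DEFAULT_PROFILE = "nstcp_default_profile"  # assumed fallback when no profile is bound
VSERVER_TYPES = {"lb", "cs", "vpn"}        # virtual server types named in the advisory

def option(tokens, name):
    """Return the value that follows -name (case-insensitive), or None."""
    for flag, value in zip(tokens, tokens[1:]):
        if flag.lower() == "-" + name.lower():
            return value
    return None

def timestamp_vservers(conf_text):
    """List (type, vserver, profile) whose effective TCP profile enables TimeStamp."""
    ts_enabled, bound = {}, {}
    for line in conf_text.splitlines():
        try:
            tok = shlex.split(line, comments=True)  # handles quoted names
        except ValueError:
            continue  # unparseable line, not a command we audit
        if len(tok) < 4 or tok[0].lower() not in ("add", "set"):
            continue
        group, entity, name = tok[1].lower(), tok[2].lower(), tok[3]
        if (group, entity) == ("ns", "tcpprofile"):
            value = option(tok, "TimeStamp")
            if value is not None:
                ts_enabled[name] = value.upper() == "ENABLED"
            else:
                ts_enabled.setdefault(name, False)  # assumed default: disabled
        elif group in VSERVER_TYPES and entity == "vserver":
            key = (group, name)  # a later "set" overrides the earlier binding
            bound[key] = option(tok, "tcpProfileName") or bound.get(key, DEFAULT_PROFILE)
    return sorted((t, n, p) for (t, n), p in bound.items() if ts_enabled.get(p, False))

# Constructed sample configuration (documentation addresses, invented names).
SAMPLE = '''
set ns tcpProfile nstcp_default_profile -TimeStamp ENABLED
add ns tcpProfile tcp_web -WS ENABLED -SACK ENABLED
add ns tcpProfile "tcp ts" -TimeStamp ENABLED
add lb vserver lb_web HTTP 192.0.2.10 80 -tcpProfileName tcp_web
add cs vserver cs_front SSL 192.0.2.11 443 -tcpProfileName "tcp ts"
add vpn vserver gw_vpn SSL 192.0.2.12 443
add lb vserver lb_api HTTP 192.0.2.13 80
set lb vserver lb_api -tcpProfileName tcp_web
'''

if __name__ == "__main__":
    for vtype, vserver, profile in timestamp_vservers(SAMPLE):
        print(f"{vtype} vserver {vserver}: profile {profile} has TimeStamp ENABLED")
```

The check covers only the configuration condition; whether the appliance build is older than the fixed versions listed below still has to be confirmed separately.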

Affected Version(s)

ADC 14.1 < 72.61

ADC 13.1 < 63.18

ADC 14.1 FIPS < 72.61

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
