Denial of Service Vulnerability in Citrix NetScaler ADC and Gateway
CVE-2026-13474

8.7 HIGH

Key Information:

Vendor: NetScaler
CVE Published: 30 June 2026

What is CVE-2026-13474?

A vulnerability in Citrix NetScaler ADC and NetScaler Gateway could lead to a denial of service. The issue arises when the appliance processes malformed HTTP/2 requests while HTTP/2 is enabled in the HTTP Profile. If that profile is associated with a virtual server of type Load Balancing (LB), Content Switching (CS), or Virtual Private Network (VPN), or linked to a service configured on NetScaler, service availability can be disrupted. Organizations using these products should assess their exposure and apply mitigations.
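To assess exposure to the precondition described above, the following added example (not Citrix code and not part of the original advisory) scans a saved configuration for virtual servers and services that use an HTTP profile with HTTP/2 enabled. It assumes the usual `ns.conf` command syntax (`-http2 ENABLED`, `-httpProfileName`) and that entities with no explicit profile use `nshttp_default_profile`; the sample configuration is constructed.

```python
import re

# Constructed ns.conf excerpt for illustration (not from a real appliance).
SAMPLE_CONF = """\
add ns httpProfile prof_h2 -http2 ENABLED
add ns httpProfile prof_h1 -http2 DISABLED
add ns httpProfile prof_later
set ns httpProfile prof_later -http2 ENABLED
add lb vserver lb_web SSL 192.0.2.10 443 -httpProfileName prof_h2
add lb vserver lb_plain HTTP 192.0.2.13 80
add cs vserver cs_front SSL 192.0.2.11 443 -httpProfileName prof_h1
add vpn vserver gw_vpn SSL 192.0.2.12 443
set vpn vserver gw_vpn -httpProfileName prof_later
add service svc_api srv1 SSL 443 -httpProfileName prof_h2
"""

DEFAULT_PROFILE = "nshttp_default_profile"  # assumed to apply when none is bound
NAME = r'("[^"]+"|\S+)'
PROFILE_RE = re.compile(rf"^(?:add|set)\s+ns\s+httpProfile\s+{NAME}(.*)$", re.I)
ENTITY_RE = re.compile(
    rf"^(?:add|set)\s+(lb vserver|cs vserver|vpn vserver|service)\s+{NAME}(.*)$", re.I)

def option(name, rest):
    """Return the value of '-name value' in the tail of a config line, else None."""
    m = re.search(rf'(?:^|\s)-{name}\s+{NAME}', rest, re.I)
    return m.group(1).strip('"') if m else None

def http2_profiles(conf):
    """Names of HTTP profiles whose last -http2 setting is ENABLED."""
    state = {}
    for line in conf.splitlines():
        m = PROFILE_RE.match(line.strip())
        if m:
            name, value = m.group(1).strip('"'), option("http2", m.group(2))
            if value is not None:
                state[name] = value.upper() == "ENABLED"
            state.setdefault(name, False)  # assumption: HTTP/2 is off unless set
    return {name for name, on in state.items() if on}

def exposed_entities(conf):
    """(type, name, profile) for each vserver/service using an HTTP/2 profile."""
    enabled, bound = http2_profiles(conf), {}
    for line in conf.splitlines():
        m = ENTITY_RE.match(line.strip())
        if m:
            key = (m.group(1).lower(), m.group(2).strip('"'))
            profile = option("httpProfileName", m.group(3))
            bound[key] = profile or bound.get(key, DEFAULT_PROFILE)
    return sorted((k, n, p) for (k, n), p in bound.items() if p in enabled)
```

Calling `exposed_entities()` on the text of a saved configuration returns the entities to review; an empty list means no matching virtual server or service uses an HTTP/2-enabled profile in that file.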

Affected Version(s)

ADC 14.1 < 72.61

ADC 13.1 < 63.18

ADC 14.1 FIPS < 72.61

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
