Skip to main content

NetScaler ADC CVE-2026-8655

| EUVDEUVD-2026-40308 HIGH
Buffer Overflow (CWE-119)
2026-06-30 50a63c94-1ea7-4568-8c11-eb79e7c5a2b5 GHSA-rw96-6cvj-x57v
8.8
CVSS 4.0 · Vendor: 50a63c94-1ea7-4568-8c11-eb79e7c5a2b5
Share

Severity by source

Vendor (50a63c94-1ea7-4568-8c11-eb79e7c5a2b5) PRIMARY
8.8 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ENISA EUVD
HIGH
qualitative
vuln.today AI
8.6 HIGH

Network-reachable, low-complexity, unauthenticated handler flaw with no user interaction; impact is predominantly availability (DoS) with only minor confidentiality and integrity effects.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L

Primary rating from Vendor (50a63c94-1ea7-4568-8c11-eb79e7c5a2b5).

CVSS VectorVendor: 50a63c94-1ea7-4568-8c11-eb79e7c5a2b5

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jun 30, 2026 - 15:01 EUVD
Analysis Generated
Jun 30, 2026 - 13:34 vuln.today
CVE Published
Jun 30, 2026 - 13:19 cve.org
HIGH 8.8

DescriptionCVE.org

Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured as an LB of type Oracle OR NetScaler ADC is configured as a DNS Proxy OR NetScaler ADC is configured as a DNS recursive resolver deployment

AnalysisAI

Denial of service in Citrix NetScaler ADC and NetScaler Gateway stems from multiple memory overflow conditions that produce unpredictable or erroneous behavior when the appliance is configured for specific DNS or load-balancing roles. Remote unauthenticated attackers can send crafted traffic to a vulnerable appliance to crash or destabilize it, with the CVSS 4.0 score of 8.8 driven primarily by high availability impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach NetScaler DNS/Oracle LB listener
Delivery
Send crafted DNS query or Oracle traffic
Exploit
Trigger memory overflow in handler
Execution
Appliance enters erroneous state
Impact
Denial of service to backed services

Vulnerability AssessmentAI

Exploitation Exploitation requires the NetScaler ADC to be configured in at least one of three specific modes: a load-balancing virtual server of type Oracle, a DNS Proxy, or a DNS recursive resolver deployment. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) indicates a network-reachable, low-complexity, unauthenticated attack requiring no user interaction, which is a strong real-world risk profile for an internet-facing appliance. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach a NetScaler appliance that is acting as a DNS recursive resolver or DNS proxy sends a stream of malformed DNS queries that trigger the memory overflow, causing the appliance to behave erratically or crash and dropping the services behind it. Because the attack is network-based, unauthenticated, and low-complexity, it can be repeated to sustain an outage; no public POC is currently identified.
Remediation Apply the patched NetScaler ADC/Gateway firmware identified in Citrix advisory CTX696604 (https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604); an exact fixed version was not present in the provided data and must be taken from that advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Citrix NetScaler ADC and Gateway appliances in your environment and assess which are configured for DNS or load-balancing roles. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-5777 HIGH POC
7.5 Jun 17

Citrix NetScaler ADC and Gateway contain an input validation vulnerability (CVE-2025-5777, CVSS 7.5) leading to memory o

CVE-2025-6543 CRITICAL POC
9.8 Jun 25

Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability (CVE-2025-6543, CVSS 9.8) leading to unintended

CVE-2026-8451 HIGH POC
8.8 Jun 30

Memory overread in Citrix NetScaler ADC and NetScaler Gateway lets remote attackers read out-of-bounds memory when the a

CVE-2025-5349 HIGH POC
8.8 Jun 17

Improper access control vulnerability in NetScaler ADC and NetScaler Gateway management interfaces that allows unauthent

CVE-2023-4967 HIGH POC
7.5 Oct 27

Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CV

CVE-2014-2881 CRITICAL
10.0 May 01

Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix

CVE-2014-2882 CRITICAL
10.0 May 01

Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler

CVE-2026-8452 HIGH
8.8 Jun 30

Denial of service and memory corruption in Citrix NetScaler ADC and NetScaler Gateway allows remote unauthenticated atta

CVE-2026-13474 HIGH
8.7 Jun 30

Denial of service in Citrix NetScaler ADC and NetScaler Gateway allows remote attackers to crash or render unresponsive

CVE-2024-8534 HIGH
8.4 Nov 12

Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appli

CVE-2026-10816 HIGH
7.1 Jun 30

Arbitrary file read in Citrix NetScaler ADC and NetScaler Gateway lets unauthenticated attackers on an adjacent network

CVE-2023-3467 HIGH
8.0 Jul 19

Privilege Escalation to root administrator (nsroot). Rated high severity (CVSS 8.0), this vulnerability is low attack co

Share

CVE-2026-8655 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy