Skip to main content

NetScaler ADC EUVDEUVD-2026-40320

| CVE-2026-13474 HIGH
Memory Leak (CWE-401)
2026-06-30 50a63c94-1ea7-4568-8c11-eb79e7c5a2b5 GHSA-256v-mmj4-qqjc
8.7
CVSS 4.0 · Vendor: 50a63c94-1ea7-4568-8c11-eb79e7c5a2b5
Share

Severity by source

Vendor (50a63c94-1ea7-4568-8c11-eb79e7c5a2b5) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ENISA EUVD
HIGH
qualitative
vuln.today AI
7.5 HIGH

Network-reachable, unauthenticated, low-complexity DoS with availability-only impact; the HTTP/2 config requirement is a deployment prerequisite, not an access privilege, so PR:N and AC:L hold.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Primary rating from Vendor (50a63c94-1ea7-4568-8c11-eb79e7c5a2b5).

CVSS VectorVendor: 50a63c94-1ea7-4568-8c11-eb79e7c5a2b5

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jun 30, 2026 - 15:01 EUVD
Analysis Generated
Jun 30, 2026 - 13:30 vuln.today
CVE Published
Jun 30, 2026 - 13:17 cve.org
HIGH 8.7

DescriptionCVE.org

Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler

AnalysisAI

Denial of service in Citrix NetScaler ADC and NetScaler Gateway allows remote attackers to crash or render unresponsive the appliance by sending malformed HTTP/2 requests, but only when HTTP/2 is enabled in the HTTP Profile and bound to an LB, CS, or VPN virtual server or service. The CVSS 4.0 score of 8.7 reflects high availability impact with no confidentiality or integrity loss, exploitable over the network without authentication or user interaction. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach HTTP/2-enabled NetScaler vserver
Delivery
Send malformed HTTP/2 requests
Exploit
Trigger memory leak (CWE-401)
Execution
Repeat to exhaust appliance memory
Impact
Denial of service for users

Vulnerability AssessmentAI

Exploitation Exploitation requires that HTTP/2 is explicitly enabled in an HTTP Profile AND that this profile is associated with a virtual server of type LB, CS, or VPN, or with a configured service on the NetScaler appliance - this is the exact configuration prerequisite stated in the description and is not the default for all deployments. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) describes a low-complexity, network-reachable, unauthenticated attack with high impact to the vulnerable system's availability (VA:H) and a minor subsequent-system availability effect (SA:L), yielding a high score of 8.7. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach an internet-facing NetScaler LB, CS, or VPN virtual server that has HTTP/2 enabled sends a stream of malformed HTTP/2 requests that trigger a memory leak in the appliance's HTTP/2 handling. Repeated requests gradually exhaust memory until the appliance stops processing legitimate traffic, denying service to all users behind that vserver. …
Remediation Apply the fixed NetScaler ADC/NetScaler Gateway build identified in the Citrix advisory CTX696604 (https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604); exact fixed version numbers are not present in the provided input and must be taken from that advisory rather than assumed. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Citrix NetScaler ADC and Gateway instances and identify which have HTTP/2 enabled on LB, CS, or VPN virtual servers. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-5777 HIGH POC
7.5 Jun 17

Citrix NetScaler ADC and Gateway contain an input validation vulnerability (CVE-2025-5777, CVSS 7.5) leading to memory o

CVE-2025-6543 CRITICAL POC
9.8 Jun 25

Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability (CVE-2025-6543, CVSS 9.8) leading to unintended

CVE-2026-8451 HIGH POC
8.8 Jun 30

Memory overread in Citrix NetScaler ADC and NetScaler Gateway lets remote attackers read out-of-bounds memory when the a

CVE-2025-5349 HIGH POC
8.8 Jun 17

Improper access control vulnerability in NetScaler ADC and NetScaler Gateway management interfaces that allows unauthent

CVE-2023-4967 HIGH POC
7.5 Oct 27

Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CV

CVE-2014-2881 CRITICAL
10.0 May 01

Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix

CVE-2014-2882 CRITICAL
10.0 May 01

Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler

CVE-2026-8452 HIGH
8.8 Jun 30

Denial of service and memory corruption in Citrix NetScaler ADC and NetScaler Gateway allows remote unauthenticated atta

CVE-2026-8655 HIGH
8.8 Jun 30

Denial of service in Citrix NetScaler ADC and NetScaler Gateway stems from multiple memory overflow conditions that prod

CVE-2024-8534 HIGH
8.4 Nov 12

Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appli

CVE-2026-10816 HIGH
7.1 Jun 30

Arbitrary file read in Citrix NetScaler ADC and NetScaler Gateway lets unauthenticated attackers on an adjacent network

CVE-2023-3467 HIGH
8.0 Jul 19

Privilege Escalation to root administrator (nsroot). Rated high severity (CVSS 8.0), this vulnerability is low attack co

Share

EUVD-2026-40320 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy