Alert - AL26-016 - Vulnerability impacting Citrix NetScaler CVE-2026-8451

Number: AL26-016
Date: July 2, 2026

Audience

This Alert is intended for IT professionals and managers.

Purpose

An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.

Details

The Cyber Centre is aware of a vulnerability impacting NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS (Federal Information Processing Standards) [Footnote 1] [Footnote 2]. In response to the vendor advisory released on June 30, 2026, the Cyber Centre released AV26-645 on June 30, 2026 [Footnote 3].

Tracked as CVE-2026-8451 [Footnote 4], this is an insufficient input validation (CWE-125) [Footnote 5] vulnerability affecting many NetScaler ADC and NetScaler Gateway versions. When NetScaler ADC or NetScaler Gateway is configured as a Security Assertion Markup Language (SAML) Identity Provider (IdP), exploitation can lead to memory overread.

The vulnerability only impacts customer-managed NetScaler ADC and NetScaler Gateway. The cloud services managed by Citrix have been upgraded with the necessary software updates related to this vulnerability.

Suggested actions

The Cyber Centre recommends that organizations using Citrix NetScaler ADC, NetScaler Gateway, NetScaler ADC FIPS and NDcPP [Footnote 1] appliances update or upgrade the affected systems to the following versions:

| Affected Product | Affected Versions | Fixed Versions |
|---|---|---|
| NetScaler ADC and NetScaler Gateway 14.1 | 14.1 before 14.1-72.61 | 14.1-72.61 |
| NetScaler ADC and NetScaler Gateway 13.1 | 13.1 before 13.1-63.18 | 13.1-63.18 |
| NetScaler ADC FIPS | versions prior to 14.1-72.61 FIPS | 14.1-72.61 |
| NetScaler ADC FIPS and NDcPP | versions prior to 13.1-37.272 | 13.1-37.272 |
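
The build comparison in the table above can be scripted for inventory triage. The following is an added example, not Cyber Centre or Citrix code: it assumes the `NS<release>: Build <x>.<y>` banner format printed by `show ns version`, takes the FIPS/NDcPP build type as a caller-supplied flag, and treats an `add authentication samlIdPProfile` line in ns.conf as the sign of a SAML IdP configuration. The function names, status strings and sample inputs are constructed for illustration.

```python
import re

# First fixed build per (release, is_fips_or_ndcpp), from the table in this Alert.
FIXED = {
    ("14.1", False): (72, 61),
    ("13.1", False): (63, 18),
    ("14.1", True): (72, 61),
    ("13.1", True): (37, 272),
}
# Assumed banner format, e.g. "NetScaler NS14.1: Build 72.61.nc, ..."
VERSION_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")
# Assumed indicator of a SAML IdP configuration in ns.conf.
SAML_IDP_RE = re.compile(r"^\s*add\s+authentication\s+samlIdPProfile\s", re.I | re.M)


def parse_version(banner):
    """Return (release, (build_major, build_minor)) with builds as integers."""
    m = VERSION_RE.search(banner)
    if m is None:
        raise ValueError("no NetScaler version banner found")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def assess(banner, ns_conf, fips=False):
    """Classify one appliance against the fixed versions listed in the Alert."""
    release, build = parse_version(banner)
    fixed = FIXED.get((release, fips))
    if fixed is None:
        return "not-listed"  # release branch not covered by the table
    # Integer tuple comparison: build 72.9 is older than 72.61.
    if build >= fixed:
        return "fixed"
    # The overread requires the SAML IdP role, so flag those appliances first.
    if SAML_IDP_RE.search(ns_conf):
        return "update-required-saml-idp"
    return "update-required"


# Constructed sample inputs (not taken from a real appliance).
SAMPLE_BANNER = "NetScaler NS14.1: Build 72.9.nc, Date: Jan 01 2026, 00:00:00 (64-bit)"
SAMPLE_CONF = (
    "add authentication samlIdPProfile example_idp "
    '-assertionConsumerServiceURL "https://sp.example.test/acs"\n'
)

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONF))
```
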

The Cyber Centre recommends following Citrix guidance if NetScaler ADC or NetScaler Gateway is suspected to be compromised [Footnote 6].

In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre’s Top 10 IT Security Actions with an emphasis on the following topics [Footnote 7]:

  • Patch operating systems and applications
  • Harden operating systems and applications
  • Isolate web-facing applications

Should activity matching the content of this alert be discovered, recipients are encouraged to report via My Cyber Portal, or email contact@cyber.gc.ca.
