www.securityweek.com 7/1/2026, 11:51:44 AM · external

Citrix fixes critical NetScaler flaws after HTTP/2 Bomb alert

Citrix patches multiple NetScaler ADC and Gateway vulnerabilities

On October 3, 2023, Citrix announced critical security updates for its NetScaler ADC and NetScaler Gateway products addressing six vulnerabilities, including the severe HTTP/2 Bomb flaw. Notable issues include four high-severity vulnerabilities related to out-of-bounds reads and memory overflows, tracked as CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, and CVE-2026-10816. The HTTP/2 Bomb, also assigned CVE-2026-13474, targets specific web servers with denial-of-service exploits.

Citrix urges customers to apply the new patches in versions 14.1-72.61 and 13.1-63.18 because the vulnerabilities require certain configurations to be exploited. WatchTowr, an attack surface management firm, highlighted CVE-2026-8451, emphasizing its potential to lead to full device compromise if exploited.


Article by CyberSIXT
