CVE-2026-10817 | Insufficient input validation leading to memory overread in … | CVSS 6.9 MEDIUM

Description

Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler

Metadata

CVE ID: CVE-2026-10817
State: PUBLISHED
Assigner: NetScaler
Reserved: 2026-06-04 05:49 UTC
Published: 2026-06-30 12:58 UTC
Last updated: 2026-06-30 13:28 UTC
Primary CWE: CWE-125
CWE-125 Out-of-bounds read
Vendor / Product: NetScaler / ADC
Sources: cve.org · NVD

Severity & Metrics

6.9 MEDIUM CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (2)

Vendor	Product	Platform	Versions
NetScaler	ADC	—	14.1 < 72.61, 13.1 < 63.18, 14.1 FIPS < 72.61, 13.1 FIPS and NDcPP < 37.272
NetScaler	Gateway	—	14.1 < 72.61, 13.1 < 63.18

Weakness (CWE)

CWE	Source	Description
CWE-125	cna	CWE-125 Out-of-bounds read

CVSS scores (1)

Score	Severity	Version	Source	Vector
6.9	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

References (1)

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604