CVE-2026-8655 | Multiple Memory overflow vulnerabilities in NetScaler ADC an… | CVSS 8.8 HIGH

Description

Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured as an LB of type Oracle OR NetScaler ADC is configured as a DNS Proxy OR NetScaler ADC is configured as a DNS recursive resolver deployment

Metadata

CVE ID: CVE-2026-8655
State: PUBLISHED
Assigner: NetScaler
Reserved: 2026-05-15 06:14 UTC
Published: 2026-06-30 12:46 UTC
Last updated: 2026-06-30 13:33 UTC
Primary CWE: CWE-119
CWE-119 Improper Restriction of Operations within the Bounds…
Vendor / Product: NetScaler / ADC
Sources: cve.org · NVD

Severity & Metrics

8.8 HIGH CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (2)

Vendor	Product	Platform	Versions
NetScaler	ADC	—	14.1 < 72.61, 13.1 < 63.18, 14.1 FIPS < 72.61, 13.1 FIPS and NDcPP < 37.272
NetScaler	Gateway	—	14.1 < 72.61, 13.1 < 63.18

Weakness (CWE)

CWE	Source	Description
CWE-119	adp	CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.8	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L

References (1)

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604