—

CVE-2026-10817PATCHED

citrix · adc

Insufficient input validation leading to memory overread

Description

Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler

Affected Products

Vendor	Product	Versions
citrix	adc	14.1, 13.1, 14.1 FIPS, 13.1 FIPS and NDcPP, 14.1, 13.1

References

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604

Related News (2 articles)

Tier B

CCCS Canada5h ago

Citrix security advisory (AV26-645)

→ No new info (linked only)

Tier C

VulDB7h ago

CVE-2026-10817 | Citrix NetScaler ADC/NetScaler Gateway prior 37.272/63.18/72.61 out-of-bounds (CTX696604)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

72.6163.1837.272

CWECWE-125

PublishedJun 30, 2026

Last enriched6h agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-8451EXP

Insufficient input validation leading to memory overread

Trending: 79

HIGHCVE-2026-8452EXP

Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service

Trending: 67

HIGHCVE-2026-13474EXP

Denial of service via malformed HTTP/2 requests

Trending: 67

HIGHCVE-2026-8655

Multiple Memory overflow vulnerabilities leading to unpredictable or erroneous behavior and Denial of Service

Trending: 48

CRITICALCVE-2026-10816

Arbitrary File Read (Unauthenticated)

Trending: 41

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 30, 2026

Discovered by ZDM

Jun 30, 2026

Patch Available

Jun 30, 2026

Updated: severity, tags

Jun 30, 2026

Version History

Last enriched 6h ago

v2Tier C6h ago

Updated severity to HIGH, marked exploit availability as false, and added CVE-2026-10817 as a new tag.

severitytags

via VulDB

v19h ago

Initial creation