—

CVE-2026-10817PATCHED

citrix · adc

Insufficient input validation leading to memory overread

Description

Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler

Affected Products

Vendor	Product	Versions
citrix	adc	14.1, 13.1, 14.1 FIPS, 13.1 FIPS and NDcPP, 14.1, 13.1

References

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604

Related News (2 articles)

Tier B

CCCS Canada3h ago

Citrix security advisory (AV26-645)

→ No new info (linked only)

Tier C

VulDB5h ago

CVE-2026-10817 | Citrix NetScaler ADC/NetScaler Gateway prior 37.272/63.18/72.61 out-of-bounds (CTX696604)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

72.6163.1837.272

CWECWE-125

PublishedJun 30, 2026

Last enriched5h agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-8451EXP

Insufficient input validation leading to memory overread

Trending: 80

HIGHCVE-2026-8452EXP

Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service

Trending: 67

HIGHCVE-2026-13474EXP

Denial of service via malformed HTTP/2 requests

Trending: 67

HIGHCVE-2026-8655

Multiple Memory overflow vulnerabilities leading to unpredictable or erroneous behavior and Denial of Service

Trending: 48

CRITICALCVE-2026-10816

Arbitrary File Read (Unauthenticated)

Trending: 41

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 30, 2026

Discovered by ZDM

Jun 30, 2026

Patch Available

Jun 30, 2026

Updated: severity, tags

Jun 30, 2026

Version History

Last enriched 5h ago

v2Tier C5h ago

Updated severity to HIGH, marked exploit availability as false, and added CVE-2026-10817 as a new tag.

severitytags

via VulDB

v18h ago

Initial creation