Insufficient input validation leading to memory overread
Summary
| CVE | CVE-2026-10817 |
|---|---|
| State | PUBLISHED |
| Assigner | NetScaler |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-30 13:17:04 UTC |
| Updated | 2026-06-30 14:19:23 UTC |
| Description | Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler |
Risk And Classification
Primary CVSS: v4.0 6.9 MEDIUM from 50a63c94-1ea7-4568-8c11-eb79e7c5a2b5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Problem Types: CWE-125 | CWE-125 CWE-125 Out-of-bounds read
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | 50a63c94-1ea7-4568-8c11-eb79e7c5a2b5 | Secondary | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/C... |
| 4.0 | CNA | CVSS | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
CVSS v4.0 Breakdown
Attack Vector
NetworkAttack Complexity
LowAttack Requirements
NonePrivileges Required
NoneUser Interaction
NoneConfidentiality
LowIntegrity
NoneAvailability
NoneSub Conf.
NoneSub Integrity
NoneSub Availability
NoneCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | NetScaler | ADC | affected 14.1 72.61 patch | Not specified |
| CNA | NetScaler | ADC | affected 13.1 63.18 patch | Not specified |
| CNA | NetScaler | ADC | affected 14.1 FIPS 72.61 patch | Not specified |
| CNA | NetScaler | ADC | affected 13.1 FIPS and NDcPP 37.272 patch | Not specified |
| CNA | NetScaler | Gateway | affected 14.1 72.61 patch | Not specified |
| CNA | NetScaler | Gateway | affected 13.1 63.18 patch | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| support.citrix.com/support-home/kbsearch/article | 50a63c94-1ea7-4568-8c11-eb79e7c5a2b5 | support.citrix.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.