Multiple Memory overflow vulnerabilities leading to unpredictable or erroneous behavior and Denial of Service
Summary
| CVE | CVE-2026-8655 |
|---|---|
| State | PUBLISHED |
| Assigner | NetScaler |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-30 13:19:34 UTC |
| Updated | 2026-07-01 15:52:05 UTC |
| Description | Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured as an LB of type Oracle OR NetScaler ADC is configured as a DNS Proxy OR NetScaler ADC is configured as a DNS recursive resolver deployment |
Risk And Classification
Primary CVSS: v4.0 8.8 HIGH from 50a63c94-1ea7-4568-8c11-eb79e7c5a2b5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Problem Types: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | 50a63c94-1ea7-4568-8c11-eb79e7c5a2b5 | Secondary | 8.8 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L/E:X/C... |
| 4.0 | CNA | CVSS | 8.8 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L |
| 3.1 | [email protected] | Primary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS v4.0 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Attack Requirements | None |
| Privileges Required | None |
| User Interaction | None |
| Confidentiality | Low |
| Integrity | Low |
| Availability | High |
| Sub Conf. | None |
| Sub Integrity | None |
| Sub Availability | Low |

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Citrix | Netscaler Application Delivery Controller | All | All | All | All |
| Application | Citrix | Netscaler Application Delivery Controller | All | All | All | All |
| Application | Citrix | Netscaler Application Delivery Controller | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | NetScaler | ADC | affected 14.1 72.61 patch | Not specified |
| CNA | NetScaler | ADC | affected 13.1 63.18 patch | Not specified |
| CNA | NetScaler | ADC | affected 14.1 FIPS 72.61 patch | Not specified |
| CNA | NetScaler | ADC | affected 13.1 FIPS and NDcPP 37.272 patch | Not specified |
| CNA | NetScaler | Gateway | affected 14.1 72.61 patch | Not specified |
| CNA | NetScaler | Gateway | affected 13.1 63.18 patch | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| support.citrix.com/support-home/kbsearch/article | 50a63c94-1ea7-4568-8c11-eb79e7c5a2b5 | support.citrix.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.