Number: AL26-016
Date: July 2, 2026
Audience
This Alert is intended for IT professionals and managers.
Purpose
An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.
Details
The Cyber Centre is aware of a vulnerability impacting NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS (Federal Information Processing Standards) [Footnote 1][Footnote 2]. In response to the vendor advisory released on June 30, 2026, the Cyber Centre released AV26-645 on June 30, 2026 [Footnote 3].
Tracked as CVE-2026-8451 [Footnote 4], this vulnerability is an insufficient input validation (CWE-125) [Footnote 5] vulnerability affecting many NetScaler ADC and NetScaler Gateway versions. If exploited, it can lead to memory overread when NetScaler ADC or NetScaler Gateway is configured as a Security Assertion Markup Language (SAML) Identity Provider (IdP).
The vulnerability only impacts customer-managed NetScaler ADC and NetScaler Gateway. The cloud services managed by Citrix have been upgraded with the necessary software updates related to this vulnerability.
Suggested actions
The Cyber Centre recommends that organizations using Citrix NetScaler ADC, NetScaler Gateway, NetScaler ADC FIPS and NDcPP [Footnote 1] appliances update or upgrade the affected systems to the following versions:
| Affected Product | Affected Versions | Fixed Versions |
|---|---|---|
| NetScaler ADC and NetScaler Gateway 14.1 | 14.1 before 14.1-72.61 | 14.1-72.61 |
| NetScaler ADC and NetScaler Gateway 13.1 | 13.1 before 13.1-63.18 | 13.1-63.18 |
| NetScaler ADC FIPS | versions prior to 14.1-72.61 FIPS | 14.1-72.61 |
| NetScaler ADC FIPS and NDcPP | versions prior to 13.1-37.272 | 13.1-37.272 |
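One way to triage an appliance inventory against the fixed builds in the table above. This is an added example, not Cyber Centre or Citrix code; the `show version` banner format, the `standard`/`fips` edition labels and the sample hosts are assumptions constructed for illustration.

```python
import re

# First fixed build per (release, edition), copied from the table above.
# The edition label is supplied by the caller (assumption of this example).
FIXED = {
    ("14.1", "standard"): (72, 61),
    ("13.1", "standard"): (63, 18),
    ("14.1", "fips"): (72, 61),
    ("13.1", "fips"): (37, 272),  # "FIPS and NDcPP" row
}

# Accepts an assumed banner form ("NS14.1: Build 72.61.nc") or "14.1-72.61".
VERSION_RE = re.compile(r"(?:NS)?(\d+\.\d+)(?::\s*Build\s+|-)(\d+)\.(\d+)")

def parse_build(text):
    """Return (release, (major_build, minor_build)) or None if unparsable."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def assess(text, edition="standard"):
    """Classify one version string against the alert's fixed builds."""
    parsed = parse_build(text)
    if parsed is None:
        return "unparsed"
    release, build = parsed
    fixed = FIXED.get((release, edition))
    if fixed is None:
        return "not-listed"  # release absent from the table; see vendor advisory
    # Integer tuples, not strings: 63.2 is older than 63.18.
    return "fixed" if build >= fixed else "needs-update"

def triage(inventory):
    """Map host -> status for (host, version text, edition) rows."""
    return {host: assess(text, edition) for host, text, edition in inventory}

# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = [
    ("adc-01", "NetScaler NS14.1: Build 72.61.nc", "standard"),
    ("gw-02", "NetScaler NS13.1: Build 63.2.nc", "standard"),
    ("fips-03", "13.1-37.250", "fips"),
    ("old-04", "NS12.1: Build 65.25.nc", "standard"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `not-listed` or `unparsed` need manual review against the vendor advisory, since the table above covers only the 14.1 and 13.1 lines.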
The Cyber Centre recommends following Citrix guidance if NetScaler ADC or NetScaler Gateway is suspected to be compromised [Footnote 6].
In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre’s Top 10 IT Security Actions, with an emphasis on the following topics [Footnote 7]:
- Patch operating systems and applications
- Harden operating systems and applications
- Isolate web-facing applications
Should activity matching the content of this alert be discovered, recipients are encouraged to report via My Cyber Portal, or email contact@cyber.gc.ca.