CVE-2026-8452 - Vulnerability Details - OpenCVE

Memory overflow vulnerability NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable yes

Technical Impact partial

No data.

No data.

No data.

No data.

References

Link	Providers
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604

History

Tue, 30 Jun 2026 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-119
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 30 Jun 2026 13:15:00 +0000

Type	Values Removed	Values Added
Description		Memory overflow vulnerability NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server
Title		Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service
References		https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604
Metrics		cvssV4_0 `{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:L/SI:L/SA:L'}`

MITRE

Status: PUBLISHED

Assigner: NetScaler

Published: 2026-06-30T12:41:07.622Z

Updated: 2026-06-30T13:37:04.747Z

Reserved: 2026-05-13T00:35:55.317Z

Link: CVE-2026-8452

Vulnrichment

Updated: 2026-06-30T13:37:00.513Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-8452", "assignerOrgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5", "state": "PUBLISHED", "assignerShortName": "NetScaler", "dateReserved": "2026-05-13T00:35:55.317Z", "datePublished": "2026-06-30T12:41:07.622Z", "dateUpdated": "2026-06-30T13:37:04.747Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5", "shortName": "NetScaler", "dateUpdated": "2026-06-30T12:57:25.158Z"}, "title": "Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service", "datePublic": "2026-06-30T12:00:00.000Z", "affected": [{"vendor": "NetScaler", "product": "ADC", "versions": [{"status": "affected", "version": "14.1", "lessThan": "72.61", "versionType": "patch"}, {"status": "affected", "version": "13.1", "lessThan": "63.18", "versionType": "patch"}, {"status": "affected", "version": "14.1 FIPS", "lessThan": "72.61", "versionType": "patch"}, {"status": "affected", "version": "13.1 FIPS and NDcPP", "lessThan": "37.272", "versionType": "patch"}], "defaultStatus": "unaffected"}, {"vendor": "NetScaler", "product": "Gateway", "versions": [{"status": "affected", "version": "14.1", "lessThan": "72.61", "versionType": "patch"}, {"status": "affected", "version": "13.1", "lessThan": "63.18", "versionType": "patch"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Memory overflow vulnerability\u00a0NetScaler ADC and NetScaler Gateway\u00a0leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a\u00a0Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<span>Memory overflow vulnerability </span><span>NetScaler ADC and NetScaler Gateway </span><span>leading to unpredictable or erroneous behavior and Denial of Service if the a</span><span>ppliance is configured as a </span><span>Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or </span><span>AAA virtual server</span><br>"}]}], "references": [{"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "LOW", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:L/SI:L/SA:L"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-30T13:36:43.132060Z", "id": "CVE-2026-8452", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-30T13:37:04.747Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-8452", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-30T13:36:43.132060Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-30T13:37:00.513Z"}}], "cna": {"title": "Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:L/SI:L/SA:L", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NetScaler", "product": "ADC", "versions": [{"status": "affected", "version": "14.1", "lessThan": "72.61", "versionType": "patch"}, {"status": "affected", "version": "13.1", "lessThan": "63.18", "versionType": "patch"}, {"status": "affected", "version": "14.1 FIPS", "lessThan": "72.61", "versionType": "patch"}, {"status": "affected", "version": "13.1 FIPS and NDcPP", "lessThan": "37.272", "versionType": "patch"}], "defaultStatus": "unaffected"}, {"vendor": "NetScaler", "product": "Gateway", "versions": [{"status": "affected", "version": "14.1", "lessThan": "72.61", "versionType": "patch"}, {"status": "affected", "version": "13.1", "lessThan": "63.18", "versionType": "patch"}], "defaultStatus": "unaffected"}], "datePublic": "2026-06-30T12:00:00.000Z", "references": [{"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604"}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "Memory overflow vulnerability\u00a0NetScaler ADC and NetScaler Gateway\u00a0leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a\u00a0Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server", "supportingMedia": [{"type": "text/html", "value": "<span>Memory overflow vulnerability </span><span>NetScaler ADC and NetScaler Gateway </span><span>leading to unpredictable or erroneous behavior and Denial of Service if the a</span><span>ppliance is configured as a </span><span>Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or </span><span>AAA virtual server</span><br>", "base64": false}]}], "providerMetadata": {"orgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5", "shortName": "NetScaler", "dateUpdated": "2026-06-30T12:57:25.158Z"}}}, "cveMetadata": {"cveId": "CVE-2026-8452", "state": "PUBLISHED", "dateUpdated": "2026-06-30T13:37:04.747Z", "dateReserved": "2026-05-13T00:35:55.317Z", "assignerOrgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5", "datePublished": "2026-06-30T12:41:07.622Z", "assignerShortName": "NetScaler"}, "dataVersion": "5.2"}