CVE-2026-10817
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NetScaler | ADC | 14.1 < 72.61 | affected |
| NetScaler | ADC | 13.1 < 63.18 | affected |
| NetScaler | ADC | 14.1 FIPS < 72.61 | affected |
| NetScaler | ADC | 13.1 FIPS and NDcPP < 37.272 | affected |
| NetScaler | Gateway | 14.1 < 72.61 | affected |
| NetScaler | Gateway | 13.1 < 63.18 | affected |
Weaknesses
- CWE-125: CWE-125 Out-of-bounds read
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.