CVE-2026-10817

Summary

Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler

Affected Software

VendorProductVersion RangeStatus
NetScalerADC14.1 < 72.61affected
NetScalerADC13.1 < 63.18affected
NetScalerADC14.1 FIPS < 72.61affected
NetScalerADC13.1 FIPS and NDcPP < 37.272affected
NetScalerGateway14.1 < 72.61affected
NetScalerGateway13.1 < 63.18affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References