
CVE-2026-8655 describes multiple memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway that can lead to unpredictable or erroneous behavior and Denial of Service. The vulnerabilities are triggered under specific deployment configurations: when NetScaler ADC is configured as a load balancer of type Oracle, as a DNS Proxy, or as a DNS recursive resolver. Affected versions include NetScaler ADC and Gateway 14.1 before 72.61, 13.1 before 63.18, 14.1 FIPS before 72.61, and 13.1 FIPS/NDcPP before 37.272. The vulnerability was disclosed on June 30, 2026, with patches available the same day. It carries a CVSS v4.0 base score of 8.8 (High) (GitHub Advisory, Citrix Advisory).
The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), where the product reads from or writes to memory locations outside the intended buffer boundary. The attack vector is network-based, requiring no authentication, no user interaction, and no special privileges — making it exploitable by any remote attacker who can send specially crafted requests to a vulnerable NetScaler ADC instance. Exploitation is conditional on the appliance being deployed in one of three specific roles: Oracle-type load balancer, DNS Proxy, or DNS recursive resolver. No public proof-of-concept code has been identified at this time (GitHub Advisory, Citrix Advisory).
Successful exploitation causes unpredictable or erroneous system behavior and Denial of Service on the affected NetScaler ADC or Gateway appliance. The primary impact is high availability loss on the vulnerable system, with low confidentiality and integrity impacts also noted (e.g., potential exposure or modification of limited data in memory). Downstream systems relying on the affected appliance for Oracle load balancing or DNS resolution would also experience service disruption, with a low availability impact on subsequent systems (GitHub Advisory, Feedly).
Citrix/NetScaler released patches on June 30, 2026. Administrators should upgrade to the following fixed versions: NetScaler ADC and Gateway 14.1-72.61 or later, NetScaler ADC and Gateway 13.1-63.18 or later, NetScaler ADC 14.1 FIPS 72.61 or later, and NetScaler ADC 13.1 FIPS/NDcPP 37.272 or later. As interim measures, organizations should review their NetScaler ADC configurations to identify instances deployed as Oracle load balancers, DNS proxies, or DNS recursive resolvers, and prioritize patching those systems. Implementing network segmentation and access controls to restrict traffic to NetScaler ADC management interfaces is also recommended (Citrix Advisory, GitHub Advisory).
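As an added triage helper (not part of this report or of any Citrix tooling), the following Python classifies NetScaler appliances against the fixed builds listed above and the deployment roles the advisory names as exploitation preconditions. It assumes the version banner follows the `show ns version` format `NetScaler NS<branch>: Build <n>.<m>.nc`, and that the operator supplies the FIPS/NDcPP edition and the configured roles from a configuration review; the sample inventory is constructed.

```python
import re
from typing import Optional, Tuple

# First fixed builds per the advisory, keyed by (release branch, FIPS/NDcPP edition).
FIXED_BUILDS = {
    ("14.1", False): (72, 61),   # NetScaler ADC and Gateway 14.1-72.61
    ("13.1", False): (63, 18),   # NetScaler ADC and Gateway 13.1-63.18
    ("14.1", True):  (72, 61),   # NetScaler ADC 14.1 FIPS 72.61
    ("13.1", True):  (37, 272),  # NetScaler ADC 13.1 FIPS/NDcPP 37.272
}

# Deployment roles the advisory names as preconditions for exploitation.
AFFECTED_ROLES = {"oracle_lb", "dns_proxy", "dns_resolver"}

# Assumed banner format, e.g. "NetScaler NS14.1: Build 72.50.nc, Date: ..."
_BANNER_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")

def parse_banner(banner: str) -> Optional[Tuple[str, Tuple[int, int]]]:
    """Return (branch, (build, sub_build)) or None if the banner is unrecognised."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def triage(banner: str, fips: bool = False, roles: frozenset = frozenset()) -> str:
    """Classify one appliance against CVE-2026-8655.

    fips  : operator-supplied; the 13.1 FIPS/NDcPP branch has a different fixed
            build than plain 13.1, so it cannot be inferred from the banner here.
    roles : roles found in the config (subset of AFFECTED_ROLES).
    """
    parsed = parse_banner(banner)
    if parsed is None:
        return "unknown-version"
    branch, build = parsed
    fixed = FIXED_BUILDS.get((branch, fips))
    if fixed is None:
        return "branch-not-covered"   # advisory lists no fixed build for this branch
    if build >= fixed:                # tuple compare: build, then sub-build
        return "fixed"
    # Unpatched: exposure depends on whether an affected role is configured.
    return "vulnerable-exposed" if roles & AFFECTED_ROLES else "vulnerable-no-affected-role"

if __name__ == "__main__":
    # Constructed sample inventory, not real appliances.
    inventory = [
        ("lb-prod-1", "NetScaler NS14.1: Build 72.50.nc", False, frozenset({"oracle_lb"})),
        ("gw-fips-1", "NetScaler NS13.1: Build 37.38.nc", True, frozenset({"dns_proxy"})),
        ("lb-prod-2", "NetScaler NS13.1: Build 63.18.nc", False, frozenset()),
    ]
    for name, banner, fips, roles in inventory:
        print(f"{name}: {triage(banner, fips, roles)}")
```

A "vulnerable-no-affected-role" result still needs the upgrade; it only lowers the patching priority relative to appliances that are both unpatched and deployed in one of the three named roles.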
The vulnerability was covered by several security news outlets shortly after disclosure, including The Hacker News, GBHackers, and SecurityOnline, as part of broader reporting on a batch of six NetScaler flaws patched simultaneously. The Stack Technology noted that Citrix credited JPMorgan in connection with the vulnerability disclosures. The Canadian Centre for Cyber Security (CCCS) issued an advisory (AV26-645) recommending organizations apply the patches promptly (The Hacker News, CCCS Advisory, The Stack).
Source: This report was generated with the help of AI