Citrix security patch release for CVE-2026-13474
Security Patch Release
Summary
Citrix released security updates for NetScaler ADC and NetScaler Gateway to fix six vulnerabilities that could enable arbitrary file reads or denial of service across several product branches. The patched releases include 14.1-72.61 and 13.1-63.18, along with related FIPS and NDcPP builds. One issue, CVE-2026-13474, also requires a manual HTTP/2 configuration change on some appliances to fully close the risk. Citrix said there is no evidence of in-the-wild exploitation.
Related Happenings
Dify security patch release for CVE-2026-41947
Security Patch Release
H score 34
First: 22.06.2026 19:13
Last: 22.06.2026 19:13
Sources 1
About this happening:
**Dify** shipped **version 1.14.2** to fix most of the **DifyTap** vulnerabilities, closing cross-tenant paths that could expose **AI chats**, **uploaded files**, and internal API...
Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch Release
H score 44
First: 21.05.2026 10:49
Last: 21.05.2026 10:49
Sources 1
About this happening:
Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...
Latest development: 21.05.2026 12:52
Microsoft released patches for Microsoft Defender Antimalware Platform version 4.18.26040.7 to address CVE-2026-41091, a link-following privilege-escalation flaw that can let an authorized attacker elevate privileges locally to System, and CVE-2026-45498, a denial-of-service flaw. Microsoft said both vulnerabilities were publicly disclosed and exploited in the wild as zero-days. CISA added both flaws to its Known Exploited Vulnerabilities (KEV) list and urged federal agencies to patch them by June 3.
Microsoft security patch release for CVE-2026-41089
Security Patch Release
H score 43
First: 13.05.2026 00:46
Last: 13.05.2026 00:46
Sources 1
About this happening:
**Microsoft** and other major software vendors shipped a heavy **May 2026** patch cycle, with fixes spanning **Windows**, **iOS**, **Firefox**, **Oracle** products, and **Chrome**...
CISA KEV order for CVE-2026-3055 on Citrix appliances
Public Sector Action
H score 34
First: 31.03.2026 10:05
Last: 31.03.2026 10:05
Sources 1
About this happening:
CISA added **CVE-2026-3055** to the **KEV Catalog** and ordered **FCEB agencies** to secure **Citrix NetScaler** appliances by **Thursday, April 2**, turning an **actively exploit...
Cloud Software Group NetScaler urgent remediation advisory
Advisory/Mitigation
H score 44
First: 25.03.2026 17:52
Last: 25.03.2026 17:52
Sources 1
About this happening:
**Cloud Software Group** issued urgent remediation guidance for **NetScaler ADC** and **NetScaler Gateway**, telling affected customers to install updated versions as soon as poss...
Timeline
- 01.07.2026 06:54 · 2 articles · 2h ago
Citrix releases NetScaler patches for six vulnerabilities
Mitigation Patch Update
Citrix released security updates for NetScaler ADC and NetScaler Gateway to address CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, CVE-2026-10817, and CVE-2026-13474. Fixed builds include 14.1-72.61 and 13.1-63.18, along with related FIPS and NDcPP releases. For CVE-2026-13474, appliances without HTTP Strict Profiles also need Http2SmallWndTimeout set to 30 seconds after upgrading, and Citrix said there is no evidence of in-the-wild exploitation.
Sources
- Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service — thehackernews.com — 01.07.2026 06:54