Citrix security patch release for CVE-2026-13474

Security Patch Release
H score 35
1 unique source, 1 article

Summary

Citrix released security updates for NetScaler ADC and NetScaler Gateway to fix six vulnerabilities that could enable arbitrary file reads or denial of service across several product branches. The patched releases include 14.1-72.61 and 13.1-63.18, along with related FIPS and NDcPP builds. One issue, CVE-2026-13474, also requires a manual HTTP/2 configuration change on some appliances to fully close the risk. Citrix said there is no evidence of in-the-wild exploitation.

Related Happenings

Dify security patch release for CVE-2026-41947

Security Patch Release
H score 34 · First: 22.06.2026 19:13 · Last: 22.06.2026 19:13 · Sources: 1

About this happening: **Dify** shipped **version 1.14.2** to fix most of the **DifyTap** vulnerabilities, closing cross-tenant paths that could expose **AI chats**, **uploaded files**, and internal API...

Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498

Security Patch Release
H score 44 · First: 21.05.2026 10:49 · Last: 21.05.2026 10:49 · Sources: 1

About this happening: Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...

Latest development: 21.05.2026 12:52

Microsoft released patches for Microsoft Defender Antimalware Platform version 4.18.26040.7 to address CVE-2026-41091, a link-following privilege-escalation flaw that can let an authorized attacker elevate privileges locally to System, and CVE-2026-45498, a denial-of-service flaw. Microsoft said both vulnerabilities were publicly disclosed and exploited in the wild as zero-days. CISA added both flaws to its Known Exploited Vulnerabilities (KEV) list and urged federal agencies to patch them by June 3.

Microsoft security patch release for CVE-2026-41089

Security Patch Release
H score 43 · First: 13.05.2026 00:46 · Last: 13.05.2026 00:46 · Sources: 1

About this happening: **Microsoft** and other major software vendors shipped a heavy **May 2026** patch cycle, with fixes spanning **Windows**, **iOS**, **Firefox**, **Oracle** products, and **Chrome**...

CISA KEV order for CVE-2026-3055 on Citrix appliances

Public Sector Action
H score 34 · First: 31.03.2026 10:05 · Last: 31.03.2026 10:05 · Sources: 1

About this happening: CISA added **CVE-2026-3055** to the **KEV Catalog** and ordered **FCEB agencies** to secure **Citrix NetScaler** appliances by **Thursday, April 2**, turning an **actively exploit...

Cloud Software Group NetScaler urgent remediation advisory

Advisory/Mitigation
H score 44 · First: 25.03.2026 17:52 · Last: 25.03.2026 17:52 · Sources: 1

About this happening: **Cloud Software Group** issued urgent remediation guidance for **NetScaler ADC** and **NetScaler Gateway**, telling affected customers to install updated versions as soon as poss...

Timeline

  1. 01.07.2026 06:54 2 articles · 2h ago

    Citrix releases NetScaler patches for six vulnerabilities

    Mitigation Patch Update

    Citrix released security updates for NetScaler ADC and NetScaler Gateway to address CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, CVE-2026-10817, and CVE-2026-13474. Fixed builds include 14.1-72.61 and 13.1-63.18, along with related FIPS and NDcPP releases. For CVE-2026-13474, appliances without HTTP Strict Profiles also need Http2SmallWndTimeout set to 30 seconds after upgrading, and Citrix said there is no evidence of in-the-wild exploitation.
