Alert GCSA-26114 - Vulnerabilita' in prodotti Citrix
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ****************************************************************** Alert ID: GCSA-26114 Data: 7 luglio 2026 Titolo: Vulnerabilita' in prodotti Citrix ****************************************************************** :: Descrizione del problema Citrix ha rilasciato aggiornamenti di sicurezza per risolvere sei vulnerabilita' presenti in NetScaler ADC (precedentemente Citrix ADC) e NetScaler Gateway (precedentemente Citrix Gateway). La vulnerabilita' CVE-2026-8451 (CVSS score of 8.8) e' attualmente oggetto di sfruttamento. Per essere vulnerabile, NetScaler ADC o NetScaler Gateway devono essere configurati come provider di identita' SAML. Lo sfruttamento efficace della vulnerabilita' non richiede autenticazione. Maggiori informazioni sono disponibili alla sezione "Riferimenti". :: Software interessato NetScaler ADC e NetScaler Gateway versioni precedenti alla 14.1-72.61 NetScaler ADC e NetScaler Gateway versioni precedenti alla 13.1-63.18 NetScaler ADC FIPS versioni precedenti alla 14.1-72.61 FIPS NetScaler ADC FIPS e NDcPP versioni precedenti alla 13.1-37.272 :: Impatto Lettura arbitraria di file Denial of Service (DoS) Accesso a dati riservati (ID) :: Soluzioni Aggiornare i prodotti alle ultime versioni. https://docs.netscaler.com/en-us/citrix-adc/current-release/upgrade-downgrade-citrix-adc-appliance.html https://docs.netscaler.com/en-us/citrix-adc/current-release/upgrade-downgrade-citrix-adc-appliance/upgrade-standalone-appliance.html https://support.citrix.com/external/article/CTX691210/netscaler-upgrades-and-general-configura.html https://www.citrix.com/downloads/citrix-adc/ :: Riferimenti Citrix Security Bulletin https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604 The Hacker News https://thehackernews.com/2026/07/citrix-patches-six-netscaler-flaws.html SecurityWeek https://www.securityweek.com/citrix-patches-netscaler-vulnerabilities-including-new-http-2-bomb-attack/ https://www.securityweek.com/new-citrixbleed-vulnerability-exploited-immediately-after-public-disclosure/ Mitre CVE https://www.cve.org/CVERecord?id=CVE-2026-8451 https://www.cve.org/CVERecord?id=CVE-2026-8452 https://www.cve.org/CVERecord?id=CVE-2026-8655 https://www.cve.org/CVERecord?id=CVE-2026-10816 https://www.cve.org/CVERecord?id=CVE-2026-10817 https://www.cve.org/CVERecord?id=CVE-2026-13474 GARR CERT Security Alert - subscribe/unsubscribe: https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert -----BEGIN PGP SIGNATURE----- iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCakyzSAAKCRDBnEyTZRJg QoifAJ9Aqw3Pn9/nEOpHjW7kl2HLiijIBwCdGRzIJKI6nr3aPGTiv9/okJxbB90= =msTa -----END PGP SIGNATURE-----