CVE Catalog

CVE-2026-13474

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile — higher than 32% of all known CVEs

Summary

The vulnerability allows a DoS attack via malformed HTTP/2 requests to NetScaler ADC and NetScaler Gateway. It occurs when HTTP/2 is enabled in the HTTP profile and associated with a virtual server (LB, CS, VPN) or a service configured on the device.

Risk Assessment

The attack can cause service unavailability on NetScaler, leading to application downtime and business continuity loss.

Recommendation

Immediately apply vendor-provided patches and temporarily disable HTTP/2 in HTTP profiles if feasible until the update is deployed.

Original NVD description (English source)

Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler

Vulnerability data from NVD (NIST) · CISA KEV · EPSS