CVE-2026-13474
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk32th percentile — higher than 32% of all known CVEs
Summary
The vulnerability allows a DoS attack via malformed HTTP/2 requests to NetScaler ADC and NetScaler Gateway. It occurs when HTTP/2 is enabled in the HTTP profile and associated with a virtual server (LB, CS, VPN) or a service configured on the device.
Risk Assessment
The attack can cause service unavailability on NetScaler, leading to application downtime and business continuity loss.
Recommendation
Immediately apply vendor-provided patches and temporarily disable HTTP/2 in HTTP profiles if feasible until the update is deployed.
Original NVD description (English source)
Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler

