BugZero | Citrix NetScaler BugID NSHELP-39031 - The NetScaler OAuth IdP might issue an incorrect e...

Citrix NetScaler - Defect ID: NSHELP-39031

The NetScaler OAuth IdP might issue an incorrect expiry time for the refresh token, which differs from its real expiration. This can result in the early expiry of the refresh token. Also, the relying party obtains an access token with incorrect "issued at" and "expiration" values through the refresh token. This causes the relying party to assume the access tokens expire sooner than they should, leading to authentication failures.

Citrix NetScaler - Defect ID: NSHELP-39031

The NetScaler OAuth IdP might issue an incorrect expiry time for the refresh token, which differs from its real expiration. This can result in the early expiry of the refresh token. Also, the relying party obtains an access token with incorrect "issued at" and "expiration" values through the refresh token. This causes the relying party to assume the access tokens expire sooner than they should, leading to authentication failures.

Last updated on April 29th, 2026

BugZero Risk Score
0.0 Coming soon

Overall: N/A

Severity: N/A

Community: N/A

Lifecycle: N/A

What is the BugZero Risk Score?

Citrix NetScaler Integration

Learn more about where this data comes from

Citrix NetScaler Integration

Learn more

BugZero Plan

Streamline upgrades with automated vendor bug scrubs

BugZero Plan

Learn more

BugZero Prevent

Wish you caught this bug sooner? Get proactive today.

BugZero Prevent

Learn more

Bug Details

Status: Fixed

Description

The vendor has published 1 unique mention(s) for this bug: 1. The NetScaler OAuth IdP might issue an incorrect expiry time for the refresh token, which differs from its real expiration. This can result in the early expiry of the refresh token. Also, the relying party obtains an access token with incorrect "issued at" and "expiration" values through the refresh token. This causes the relying party to assume the access tokens expire sooner than they should, leading to authentication failures. Modules: 1. Authentication, authorization, and auditing Latest urls for this bug: 1. https://docs.netscaler.com/en-us/updates?product=NetScaler%20ADC%20%28includes%20NetScaler%20Gateway%29&version=13.1&build=58.32 2. https://docs.netscaler.com/en-us/updates?product=NetScaler%20ADC%20%28includes%20NetScaler%20Gateway%29&version=14.1&build=43.56 3. https://docs.netscaler.com/en-us/updates?product=NetScaler%20ADC%20%28includes%20NetScaler%20Gateway%29&version=14.1&build=47.48

Change history

2026-04-29 Added: 14.1 Build 43.56

2026-04-29 Removed: Build 14.1-43.56

2025-08-28 Added: Build 14.1-43.56

Top Citrix NetScaler Defects

Defect ID: NSHELP-41484
NetScaler might generate the lsof_<hostname> file each time you create a support bundle. However, the system fails to remove these files immediately after the generation process is complete.
Defect ID: NSHELP-42609
The NetScaler packet engine might crash due to a defect in backend TLS 1.3 connection state handling during teardown. On NetScaler SDX platforms with multiple instances, a crash in one instance can also affect other instances sharing the same crypto hardware.
Defect ID: NSHELP-41518
Client requests might fail if HTTP/2 header values contain space characters. These spaces can trigger header frame processing errors, particularly when the client sends improperly formatted header values.
Defect ID: NSBASE-19568
When the server-side TCP window reaches a 2 GB limit, the gRPC hold logic incorrectly opens the TCP window twice for held bytes, resulting in a zero window advertisement. This issue also includes incorrect accounting of chunk header and trailer bytes before they are passed to the application handler, affecting TCP window management and data transmission.
Defect ID: NSHELP-42103
Pitboss logs might sometimes flood ns.log when the SSLVPN or IC feature is enabled and cache memory is set to 492 MB, specifically when the number of NetScaler packet engines is 4 or 5.

Ready to prevent the next vendor outage?

Get a demo

Citrix NetScaler - Defect ID: NSHELP-39031

Citrix NetScaler - Defect ID: NSHELP-39031

Last updated on April 29th, 2026

BugZero Risk Score0.0 Coming soon

Bug Details

Links

Top Citrix NetScaler Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
0.0 Coming soon