BugZero | Citrix NetScaler BugID NSHELP-39189 - When NetScaler acts as an OAuth relying party, ext...

Citrix NetScaler - Defect ID: NSHELP-39189

When NetScaler acts as an OAuth relying party, extra configuration might be required to validate the "active" property of the access token. Without this configuration, NetScaler continues to grant access even if the OAuth IdP's introspection URL returns the "active" attribute as "false".

Citrix NetScaler - Defect ID: NSHELP-39189

When NetScaler acts as an OAuth relying party, extra configuration might be required to validate the "active" property of the access token. Without this configuration, NetScaler continues to grant access even if the OAuth IdP's introspection URL returns the "active" attribute as "false".

Last updated on May 8th, 2026

BugZero Risk Score
0.0 Coming soon

Overall: N/A

Severity: N/A

Community: N/A

Lifecycle: N/A

What is the BugZero Risk Score?

Citrix NetScaler Integration

Learn more about where this data comes from

Citrix NetScaler Integration

Learn more

BugZero Plan

Streamline upgrades with automated vendor bug scrubs

BugZero Plan

Learn more

BugZero Prevent

Wish you caught this bug sooner? Get proactive today.

BugZero Prevent

Learn more

Bug Details

Status: Fixed

Description

The vendor has published 1 unique mention(s) for this bug: 1. When NetScaler acts as an OAuth relying party, extra configuration might be required to validate the "active" property of the access token. Without this configuration, NetScaler continues to grant access even if the OAuth IdP's introspection URL returns the "active" attribute as "false". Modules: 1. Authentication, authorization, and auditing Latest urls for this bug: 1. https://docs.netscaler.com/en-us/updates?product=NetScaler%20ADC%20%28includes%20NetScaler%20Gateway%29&version=13.1&build=58.32 2. https://docs.netscaler.com/en-us/updates?product=NetScaler%20ADC%20%28includes%20NetScaler%20Gateway%29&version=13.1&build=59.22 3. https://docs.netscaler.com/en-us/updates?product=NetScaler%20ADC%20%28includes%20NetScaler%20Gateway%29&version=13.1&build=60.32 4. https://docs.netscaler.com/en-us/updates?product=NetScaler%20ADC%20%28includes%20NetScaler%20Gateway%29&version=13.1&build=61.25 5. https://docs.netscaler.com/en-us/updates?product=NetScaler%20ADC%20%28includes%20NetScaler%20Gateway%29&version=13.1&build=61.26 6. https://docs.netscaler.com/en-us/updates?product=NetScaler%20ADC%20%28includes%20NetScaler%20Gateway%29&version=13.1&build=62.23 7. https://docs.netscaler.com/en-us/updates?product=NetScaler%20ADC%20%28includes%20NetScaler%20Gateway%29&version=13.1&build=63.16 8. https://docs.netscaler.com/en-us/updates?product=NetScaler%20ADC%20%28includes%20NetScaler%20Gateway%29&version=14.1&build=43.56

Change history

2026-05-08 Added: 13.1 Build 63.16

2026-04-29 Added: 13.1 Build 58.32, 13.1 Build 60.32, 13.1 Build 61.25, 13.1 Build 61.26, 13.1 Build 62.23

2026-04-29 Removed: Build 13.1-58.32, Build 13.1-60.32, Build 13.1-61.25, Build 13.1-61.26, Build 13.1-62.23

2026-03-23 Removed: Build 13.1-61.23

2026-03-23 Added: Build 13.1-62.23

2026-03-23 Removed: Build 13.1-62.21

2026-03-09 Added: Build 13.1-62.21

2026-01-20 Added: Build 13.1-61.26

2025-12-09 Added: Build 13.1-61.25

2025-11-13 Removed: Build 13.1-58.21, Build 13.1-60.26, Build 13.1-60.29

2025-11-13 Added: Build 13.1-61.23

2025-11-11 Added: Build 13.1-60.32

2025-09-29 Added: Build 13.1-60.29

2025-09-08 Added: Build 13.1-58.21, Build 13.1-58.32, Build 13.1-60.26

Relevant Products

Click on a version to see all relevant bugs

Affected versions:13.1 Build 58.32, 13.1 Build 60.32, 13.1 Build 61.25, 13.1 Build 61.26, 13.1 Build 62.23, 13.1 Build 63.16

Fixed versions: 13.1 Build 59.22, 14.1 Build 43.56

Relevant Products

Click on a version to see all relevant bugs

Affected versions:13.1 Build 58.32, 13.1 Build 60.32, 13.1 Build 61.25, 13.1 Build 61.26, 13.1 Build 62.23, 13.1 Build 63.16

Fixed versions: 13.1 Build 59.22, 14.1 Build 43.56

Top Citrix NetScaler Defects

Defect ID: NSHELP-43462
In pooled licensing mode, for NetScaler SDX devices, only the Platinum edition is allocated. Standard and Advanced editions are not allocated even when values are provided.
Defect ID: NSHELP-42663
NetScaler BLX instance upgrades initiated through NetScaler Console fail even when NetScaler BLX instances are up and operational. This issue occurs because the pre-upgrade check incorrectly reports the instances as unreachable, which prevents the successful upgrade.
Defect ID: NSHELP-42818
This issue will impact you if you have an SDX migrated or migrating from any type of NetScaler local license (fixed capacity subscription or perpetual license) file based licensing to any type of license with LAS based licensing and the legacy file-based licenses have not been deleted from the SVM. Impact: If there is any local legacy file-based license yet existing on the SVM after having transitioned to LAS, then the expiry of the file-based license triggers the un-licensing of the SDX (SVM and VPX on SDX) on the date of that license file expiry. Workaround: Delete the local file-based license(s) on the SVM after the migration to LAS has been done successfully. The file-based licenses would be located in SVM folder /mpsconfig/license and must be deleted from this folder using the shell prompt.
Defect ID: NSNET-33932
On NetScaler VPX-Linux deployments, memory allocation errors might occur when you configure route redistribution (connected, RIP, or RIPng routes) on OSPF6. These errors can disrupt the routing functionality.
Defect ID: NSHELP-42494
Uploading the LAS activation blob from the NetScaler GUI might fail with the error Invalid Object name.

Ready to prevent the next vendor outage?

Get a demo

Citrix NetScaler - Defect ID: NSHELP-39189

When NetScaler acts as an OAuth relying party, extra configuration might be required to validate the "active" property of the access token. Without this configuration, NetScaler continues to grant access even if the OAuth IdP's introspection URL returns the "active" attribute as "false".

Citrix NetScaler - Defect ID: NSHELP-39189

When NetScaler acts as an OAuth relying party, extra configuration might be required to validate the "active" property of the access token. Without this configuration, NetScaler continues to grant access even if the OAuth IdP's introspection URL returns the "active" attribute as "false".

Last updated on May 8th, 2026

BugZero Risk Score0.0 Coming soon

Bug Details

Top Citrix NetScaler Defects

Ready to prevent the next vendor outage?

Links

BugZero Risk Score
0.0 Coming soon