BugZero | Citrix NetScaler BugID NSHELP-39189 - When NetScaler acts as an OAuth relying party, ext...

Citrix NetScaler - Defect ID: NSHELP-39189

When NetScaler acts as an OAuth relying party, extra configuration might be required to validate the "active" property of the access token. Without this configuration, NetScaler continues to grant access even if the OAuth IdP's introspection URL returns the "active" attribute as "false".

Citrix NetScaler - Defect ID: NSHELP-39189

When NetScaler acts as an OAuth relying party, extra configuration might be required to validate the "active" property of the access token. Without this configuration, NetScaler continues to grant access even if the OAuth IdP's introspection URL returns the "active" attribute as "false".

Last updated on April 29th, 2026

BugZero Risk Score
0.0 Coming soon

Overall: N/A

Severity: N/A

Community: N/A

Lifecycle: N/A

What is the BugZero Risk Score?

Citrix NetScaler Integration

Learn more about where this data comes from

Citrix NetScaler Integration

Learn more

BugZero Plan

Streamline upgrades with automated vendor bug scrubs

BugZero Plan

Learn more

BugZero Prevent

Wish you caught this bug sooner? Get proactive today.

BugZero Prevent

Learn more

Bug Details

Status: Fixed

Description

The vendor has published 1 unique mention(s) for this bug: 1. When NetScaler acts as an OAuth relying party, extra configuration might be required to validate the "active" property of the access token. Without this configuration, NetScaler continues to grant access even if the OAuth IdP's introspection URL returns the "active" attribute as "false". Modules: 1. Authentication, authorization, and auditing Latest urls for this bug: 1. https://docs.netscaler.com/en-us/updates?product=NetScaler%20ADC%20%28includes%20NetScaler%20Gateway%29&version=13.1&build=58.32 2. https://docs.netscaler.com/en-us/updates?product=NetScaler%20ADC%20%28includes%20NetScaler%20Gateway%29&version=13.1&build=59.22 3. https://docs.netscaler.com/en-us/updates?product=NetScaler%20ADC%20%28includes%20NetScaler%20Gateway%29&version=13.1&build=60.32 4. https://docs.netscaler.com/en-us/updates?product=NetScaler%20ADC%20%28includes%20NetScaler%20Gateway%29&version=13.1&build=61.25 5. https://docs.netscaler.com/en-us/updates?product=NetScaler%20ADC%20%28includes%20NetScaler%20Gateway%29&version=13.1&build=61.26 6. https://docs.netscaler.com/en-us/updates?product=NetScaler%20ADC%20%28includes%20NetScaler%20Gateway%29&version=13.1&build=62.23 7. https://docs.netscaler.com/en-us/updates?product=NetScaler%20ADC%20%28includes%20NetScaler%20Gateway%29&version=14.1&build=43.56

Change history

2026-05-08 Added: 13.1 Build 63.16

2026-04-29 Added: 13.1 Build 58.32, 13.1 Build 60.32, 13.1 Build 61.25, 13.1 Build 61.26, 13.1 Build 62.23

2026-04-29 Removed: Build 13.1-58.32, Build 13.1-60.32, Build 13.1-61.25, Build 13.1-61.26, Build 13.1-62.23

2026-04-29 Removed: 13.1 Build 63.16

2026-03-23 Added: Build 13.1-62.23

2026-03-23 Removed: Build 13.1-62.21

2026-03-23 Removed: Build 13.1-61.23

2026-03-09 Added: Build 13.1-62.21

2026-01-20 Added: Build 13.1-61.26

2025-12-09 Added: Build 13.1-61.25

2025-11-13 Removed: Build 13.1-58.21, Build 13.1-60.26, Build 13.1-60.29

2025-11-13 Added: Build 13.1-61.23

2025-11-11 Added: Build 13.1-60.32

2025-09-29 Added: Build 13.1-60.29

2025-09-08 Added: Build 13.1-58.21, Build 13.1-58.32, Build 13.1-60.26

Relevant Products

Click on a version to see all relevant bugs

Affected versions:13.1 Build 58.32, 13.1 Build 60.32, 13.1 Build 61.25, 13.1 Build 61.26, 13.1 Build 62.23

Fixed versions: 13.1 Build 59.22, 14.1 Build 43.56

Relevant Products

Click on a version to see all relevant bugs

Affected versions:13.1 Build 58.32, 13.1 Build 60.32, 13.1 Build 61.25, 13.1 Build 61.26, 13.1 Build 62.23

Fixed versions: 13.1 Build 59.22, 14.1 Build 43.56

Top Citrix NetScaler Defects

Defect ID: NSHELP-41484
NetScaler might generate the lsof_<hostname> file each time you create a support bundle. However, the system fails to remove these files immediately after the generation process is complete.
Defect ID: NSHELP-42609
The NetScaler packet engine might crash due to a defect in backend TLS 1.3 connection state handling during teardown. On NetScaler SDX platforms with multiple instances, a crash in one instance can also affect other instances sharing the same crypto hardware.
Defect ID: NSHELP-41518
Client requests might fail if HTTP/2 header values contain space characters. These spaces can trigger header frame processing errors, particularly when the client sends improperly formatted header values.
Defect ID: NSBASE-19568
When the server-side TCP window reaches a 2 GB limit, the gRPC hold logic incorrectly opens the TCP window twice for held bytes, resulting in a zero window advertisement. This issue also includes incorrect accounting of chunk header and trailer bytes before they are passed to the application handler, affecting TCP window management and data transmission.
Defect ID: NSHELP-42103
Pitboss logs might sometimes flood ns.log when the SSLVPN or IC feature is enabled and cache memory is set to 492 MB, specifically when the number of NetScaler packet engines is 4 or 5.

Ready to prevent the next vendor outage?

Get a demo

Citrix NetScaler - Defect ID: NSHELP-39189

When NetScaler acts as an OAuth relying party, extra configuration might be required to validate the "active" property of the access token. Without this configuration, NetScaler continues to grant access even if the OAuth IdP's introspection URL returns the "active" attribute as "false".

Citrix NetScaler - Defect ID: NSHELP-39189

When NetScaler acts as an OAuth relying party, extra configuration might be required to validate the "active" property of the access token. Without this configuration, NetScaler continues to grant access even if the OAuth IdP's introspection URL returns the "active" attribute as "false".

Last updated on April 29th, 2026

BugZero Risk Score0.0 Coming soon

Bug Details

Top Citrix NetScaler Defects

Ready to prevent the next vendor outage?

Links

BugZero Risk Score
0.0 Coming soon