BugZero | Citrix NetScaler BugID NSHELP-40439 - A TLS 1.3 virtual server might truncate the applic...

Citrix NetScaler - Defect ID: NSHELP-40439

A TLS 1.3 virtual server might truncate the application response data when the client sends a close_notify alert before the virtual server completes sending its full response.

Citrix NetScaler - Defect ID: NSHELP-40439

A TLS 1.3 virtual server might truncate the application response data when the client sends a close_notify alert before the virtual server completes sending its full response.

Last updated on April 28th, 2026

BugZero Risk Score
0.0 Coming soon

Overall: N/A

Severity: N/A

Community: N/A

Lifecycle: N/A

What is the BugZero Risk Score?

Citrix NetScaler Integration

Learn more about where this data comes from

Citrix NetScaler Integration

Learn more

BugZero Plan

Streamline upgrades with automated vendor bug scrubs

BugZero Plan

Learn more

BugZero Prevent

Wish you caught this bug sooner? Get proactive today.

BugZero Prevent

Learn more

Bug Details

Status: Fixed

Description

The vendor has published 1 unique mention(s) for this bug: 1. A TLS 1.3 virtual server might truncate the application response data when the client sends a close_notify alert before the virtual server completes sending its full response. Modules: 1. SSL Latest urls for this bug: 1. https://docs.netscaler.com/en-us/updates?product=NetScaler%20ADC%20%28includes%20NetScaler%20Gateway%29&version=14.1&build=56.74

Change history

2026-04-28 Added: 14.1 Build 56.74

2026-04-28 Removed: Build 14.1-56.74

2025-11-11 Removed: Build 14.1-56.71

2025-11-11 Added: Build 14.1-56.74

2025-10-24 Added: Build 14.1-56.71

Top Citrix NetScaler Defects

Defect ID: NSHELP-42609
The NetScaler packet engine might crash due to a defect in backend TLS 1.3 connection state handling during teardown. On NetScaler SDX platforms with multiple instances, a crash in one instance can also affect other instances sharing the same crypto hardware.
Defect ID: NSHELP-41484
NetScaler might generate the lsof_<hostname> file each time you create a support bundle. However, the system fails to remove these files immediately after the generation process is complete.
Defect ID: NSHELP-41518
Client requests might fail if HTTP/2 header values contain space characters. These spaces can trigger header frame processing errors, particularly when the client sends improperly formatted header values.
Defect ID: NSBASE-19568
When the server-side TCP window reaches a 2 GB limit, the gRPC hold logic incorrectly opens the TCP window twice for held bytes, resulting in a zero window advertisement. This issue also includes incorrect accounting of chunk header and trailer bytes before they are passed to the application handler, affecting TCP window management and data transmission.
Defect ID: NSHELP-42103
Pitboss logs might sometimes flood ns.log when the SSLVPN or IC feature is enabled and cache memory is set to 492 MB, specifically when the number of NetScaler packet engines is 4 or 5.

Ready to prevent the next vendor outage?

Get a demo

Citrix NetScaler - Defect ID: NSHELP-40439

A TLS 1.3 virtual server might truncate the application response data when the client sends a close_notify alert before the virtual server completes sending its full response.

Citrix NetScaler - Defect ID: NSHELP-40439

A TLS 1.3 virtual server might truncate the application response data when the client sends a close_notify alert before the virtual server completes sending its full response.

Last updated on April 28th, 2026

BugZero Risk Score0.0 Coming soon

Bug Details

Links

Top Citrix NetScaler Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
0.0 Coming soon