6.6.3 Appliance

Released May 12, 2026

Updates

NAT Traversal

• Fixed an issue where the UDP/STUN port on the Connection Broker would use the same port number as the configured TCP port instead of the configured Broker port number.

Security

• Fixed issues in the VPN service in which a crash would occur when unsubscribing users took more than 10 seconds or there were frequent configuration reloads.

• Added mitigations for the Copy.Fail (CVE‑2026‑31431) and Dirty Frag (CVE‑2026‑43284, CVE‑2026‑43500) vulnerabilities. See the related knowledge base articles for more information:

  • Security Advisory: CVE‑2026‑31431 Affecting AppGate ZTNA Appliances

  • Security Advisory: CVE‑2026‑43284 and CVE‑2026‑43500 Affecting AppGate ZTNA Appliances

Stability

• Fixed an issue in which the Gateway could become unresponsive in environments with a high volume of simultaneous user logins, causing new login attempts to fail with a "connection refused" error.

ZTP

• Fixed an issue where an entity received duplicate tags because the same tag appeared in both the create privileges' default tags and the entity being created.

Appliance Status

• When license allocation is over 95%, a warning instead of an error message will appear in the Appliance Status column and in Appliance Health Details.

Secrets

• Addressed an issue in which a change introduced in 6.6.0 caused script integrations to break by an unintended forced change to secrets included in scripts.