SecurityWeek • 2h
Critical Memory Overread Vulnerability in Citrix NetScaler CVE-2026-8451
Citrix has identified a high-severity memory overread vulnerability (CVE-2026-8451, CVSS 8.8) affecting NetScaler ADC and NetScaler Gateway. The flaw stems from insufficient input validation, which allows unauthenticated attackers to trigger memory dumps and expose sensitive session data or credentials. The vulnerability is particularly severe for instances configured as a SAML Identity Provider (IdP). Active exploitation has been observed in the wild, mirroring the mechanics of the earlier "CitrixBleed" exploit. Remediation requires immediate firmware updates to address this and five associated vulnerabilities, including CVE-2026-8452 and CVE-2026-13474, to prevent unauthorized resource access.
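The bug class the article describes, a memory overread caused by trusting a length the client supplies instead of validating it against the bytes actually received, is easiest to understand in code. The following C example is added here for illustration; it is not Citrix's code and does not reproduce the CVE-2026-8451 code path (which the article does not detail). The message layout, the `parse_trusting` and `parse_checked` functions, and the "session token" bytes are all constructed for this demonstration.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed message layout, used only for this illustration:
 *   byte 0..1 : big-endian length the sender claims for the payload
 *   byte 2..  : payload bytes actually received
 * This is the generic bug class, not NetScaler's wire format or code. */

/* Vulnerable pattern: honours the claimed length, bounded only by the
 * destination capacity. If the claim exceeds the bytes received, memcpy
 * reads past the message into whatever lies after it in memory. */
size_t parse_trusting(const uint8_t *msg, size_t msg_len,
                      uint8_t *out, size_t out_cap)
{
    if (msg_len < 2) return 0;
    size_t claimed = ((size_t)msg[0] << 8) | msg[1];
    if (claimed > out_cap) claimed = out_cap;
    memcpy(out, msg + 2, claimed);      /* over-read when claimed > msg_len - 2 */
    return claimed;
}

/* Hardened: the claimed length must fit inside the bytes actually received
 * and inside the destination. Returns 0 on success, -1 on rejection. */
int parse_checked(const uint8_t *msg, size_t msg_len,
                  uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (msg_len < 2) return -1;
    size_t claimed = ((size_t)msg[0] << 8) | msg[1];
    if (claimed > msg_len - 2) return -1;   /* claim exceeds received data */
    if (claimed > out_cap)     return -1;   /* claim exceeds destination */
    memcpy(out, msg + 2, claimed);
    *out_len = claimed;
    return 0;
}

/* Constructed scenario: a 6-byte message whose header claims 32 payload
 * bytes sits in front of unrelated session data in the same arena (so the
 * demonstration stays within defined behaviour). Returns how many bytes the
 * trusting parser copied from beyond the real 4-byte payload. */
size_t demo_overread(void)
{
    uint8_t arena[64];
    memset(arena, 0, sizeof arena);
    /* message: claimed length 32, only 4 payload bytes actually sent */
    const uint8_t msg[6] = { 0x00, 0x20, 'p', 'i', 'n', 'g' };
    memcpy(arena, msg, sizeof msg);
    /* constructed "session token" living just after the message */
    memcpy(arena + 6, "SESSION=deadbeefcafe", 20);

    uint8_t out[64];
    size_t n = parse_trusting(arena, sizeof msg, out, sizeof out);
    return n > 4 ? n - 4 : 0;    /* bytes copied past the real payload */
}

/* Same oversized claim through the checked parser: 1 if it was rejected. */
int demo_checked_rejects(void)
{
    const uint8_t msg[6] = { 0x00, 0x20, 'p', 'i', 'n', 'g' };
    uint8_t out[64];
    size_t n = 0;
    return parse_checked(msg, sizeof msg, out, sizeof out, &n) == -1;
}

/* A well-formed message (claimed 4, received 4) is accepted: 1 on success. */
int demo_checked_accepts(void)
{
    const uint8_t msg[6] = { 0x00, 0x04, 'p', 'i', 'n', 'g' };
    uint8_t out[64];
    size_t n = 0;
    return parse_checked(msg, sizeof msg, out, sizeof out, &n) == 0 && n == 4
           && memcmp(out, "ping", 4) == 0;
}

int main(void)
{
    printf("trusting parser copied %zu bytes past the payload\n", demo_overread());
    printf("checked parser rejects oversized claim: %d\n", demo_checked_rejects());
    printf("checked parser accepts well-formed message: %d\n", demo_checked_accepts());
    return 0;
}
```

The contrast is the whole lesson: `parse_trusting` only guards the destination buffer, so a single oversized length field turns a legitimate copy into a read of adjacent memory (here the constructed token bytes); `parse_checked` compares the claimed length against the bytes actually received before touching memory, which is the validation the article says was missing. Until the firmware update is applied, the defensive signal to watch for is this same shape at the network edge: requests whose declared lengths do not match what was delivered.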