SecurityWeek • 2h
Citrix NetScaler ADC and Gateway: CVE-2026-8451 and HTTP/2 DoS Vulnerabilities
Citrix has patched six vulnerabilities in NetScaler ADC and NetScaler Gateway. The most severe, CVE-2026-8451 (CVSS 8.8), is an insufficient input validation flaw that allows unauthorized arbitrary file reads and disclosure of sensitive information; the report likens it to the earlier "CitrixBleed" memory-disclosure bug. The same update also fixes an "HTTP/2 Bomb" vulnerability, a resource-exhaustion Denial-of-Service (DoS) issue similar in effect to the HTTP/2 Rapid Reset attack. Because NetScaler appliances sit at the network perimeter, either flaw can be used to pull sensitive data off the device or to take it offline. The fixed firmware builds should be applied immediately.