Citrix Releases Security Advisory for NetScaler ADC and NetScaler Gateway
Summary
Successful exploitation of CVE-2026-8451 could allow unauthenticated memory disclosure in NetScaler appliances when configured as a SAML IDP
Affected platforms
The following platforms are known to be affected:
Threat details
Proof-of-Concept Exploit
Security researchers have released a public proof-of-concept exploit for CVE-2026-8451.
In the past, memory leakage vulnerabilities in Citrix NetScaler, dubbed "CitrixBleed", have been weaponised rapidly following the release of a public proof-of-concept exploit.
The NHS England National CSOC assesses exploitation as highly likely.
Introduction
Citrix has released a security advisory to address a high severity vulnerability in NetScaler ADC and NetScaler Gateway. Successful exploitation could allow an unauthenticated attacker to achieve memory disclosure in NetScaler appliances when configured as a SAML IDP.
- CVE-2026-8451 – Out-of-bounds Read (CWE-125) – CVSSv4 score: 8.8
Remediation advice
Affected organisations are encouraged to review Citrix advisory CTX696604 and apply the relevant update as soon as possible.
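To help prioritise which appliances to update first, the following added example (not part of the original alert or of the Citrix advisory) scans a saved NetScaler configuration for the SAML IDP precondition described above. It assumes that SAML IDP configuration appears in `ns.conf` as `add authentication samlIdPProfile` commands, with policies bound to authentication virtual servers; the function names and the sample configuration are constructed for illustration.

```python
import shlex

# Constructed sample ns.conf excerpt (not taken from a real appliance).
SAMPLE_NS_CONF = r'''
add authentication vserver aaa_idp SSL 192.0.2.10 443
add authentication samlIdPProfile idp_prof -samlIdPCertName idp_cert -assertionConsumerServiceURL "https://sp.example.test/acs"
add authentication samlIdPProfile idp_unused -samlIdPCertName idp_cert -assertionConsumerServiceURL "https://old.example.test/acs"
add authentication samlIdPPolicy idp_pol -rule true -action idp_prof
bind authentication vserver aaa_idp -policy idp_pol -priority 100
'''

def _option(tokens, name):
    """Value following a -name option (case-insensitive), or None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() == name.lower():
            return tokens[i + 1]
    return None

def saml_idp_profiles(conf_text):
    """Map each SAML IdP profile to the authentication vservers whose bound
    policies use it. An empty list means no binding was found in this text,
    not that the appliance is unaffected."""
    profiles, policy_action, policy_vservers = {}, {}, {}
    for line in conf_text.splitlines():
        try:
            tok = shlex.split(line)
        except ValueError:      # unbalanced quote: not a line we can parse
            continue
        if len(tok) < 4:
            continue
        verb = [t.lower() for t in tok[:3]]
        if verb == ["add", "authentication", "samlidpprofile"]:
            profiles[tok[3]] = []
        elif verb == ["add", "authentication", "samlidppolicy"]:
            policy_action[tok[3]] = _option(tok, "-action")
        elif verb == ["bind", "authentication", "vserver"]:
            policy = _option(tok, "-policy")
            if policy:
                policy_vservers.setdefault(policy, []).append(tok[3])
    # Resolve after the full pass so command order in the file does not matter.
    for policy, profile in policy_action.items():
        if profile in profiles:
            profiles[profile].extend(policy_vservers.get(policy, []))
    return profiles

if __name__ == "__main__":
    for name, vservers in saml_idp_profiles(SAMPLE_NS_CONF).items():
        print(name, "->", ", ".join(vservers) or "no binding found")
```

Any profile in the result places the appliance in scope for the update; the vserver names show where that profile is in use.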
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 1 July 2026 2:19 pm