CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451)
watchTowr Labs reports that Citrix has publicly disclosed a pre-auth memory disclosure issue, CVE-2026-8451, in Citrix NetScaler when the NetScaler appliance is configured as a SAML IDP. The vulnerability is described as insufficient input validation leading to memory overread, with affected products including NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-72.61, NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-63.18, NetScaler ADC FIPS BEFORE 14.1-72.61 FIPS, and NetScaler ADC FIPS and NDcPP BEFORE 13.1-37.272. This matters because it can cause the appliance to include unintended memory contents in responses (e.g., within cookies), potentially exposing sensitive data to an unauthenticated attacker.
Well, well, well - once again, the cat has dragged us in and spat us out.
Today, we find ourselves questioning the reality we sit within. Must it be so predictable, and why us? “But watchTowr, what do you mean?”
Well, if you’re here, you likely fit into one of the following categories:
- A dear reader,
- A group therapy accomplice
- A Groundhog Day fan club member…