CVE Tools
Back to feed
SecurityWeek ·EN-US News source Exploited in the wildCitrix NetScaler ADCCitrix NetScaler Gateway

New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure

By Ionut Arghire··2 min read
CVE Tools coverage

Threat actors reportedly started attacking affected Citrix NetScaler ADC and NetScaler Gateways almost immediately after public disclosure, with exploitation observed in under 24 hours. The issue, tracked as CVE-2026-8451 (CVSS 8.8), is an out-of-bounds read in the NetScaler XML parser that can disclose memory contents via the NSC_TASS cookie when appliances are configured as SAML IDP; no authentication is required for successful exploitation. This matters because the rapid weaponization suggests exposed internet-facing systems could be targeted quickly, so organizations should prioritize patching or mitigate by disabling SAML IDP and checking relevant logs and cookies.