CVE-2026-8451
Insufficient input validation leading to memory overread
Description
Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP
In plain language
AI Low urgencyCVE-2026-8451 is a security flaw in NetScaler ADC/Gateway that can let an attacker read small bits of sensitive memory if those devices are set up as a SAML Identity Provider; most small businesses should check whether they use NetScaler as a SAML IDP and update if they do.
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML Identity Provider can trigger a memory overread over the network, potentially disclosing sensitive in-memory data.
What to do now
- Check whether your NetScaler ADC or NetScaler Gateway is configured as a SAML Identity Provider (IdP).
- If it is, plan an update to the fixed versions: ADC or Gateway fixed in 72.61, or 63.18, or 37.272.
- After updating, verify the SAML IdP configuration still works and keep the device under normal monitoring for authentication and SAML-related errors.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:NIntegrityA:NAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
1 techniqueReferences
- CitrixBleed-ing Again? NetScaler Vulnerability Under Attacken·Dark Reading·
- 6th July – Threat Intelligence Reporten-us·Check Point Research·
- New CitrixBleed Vulnerability Exploited Immediately After Public Disclosureen-us·SecurityWeek·
- Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attacken-us·SecurityWeek·
- Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Serviceen·The Hacker News·
- CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451)en·watchTowr Labs·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-8451 and every CVE in our database. Create a free account — no credit card required.
Create Free Account