CVE-2026-8451

HIGH

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP

CVSS v3.1 Score

7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Complexity
LOW
Privileges
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE
Published: 6/30/2026Modified: 7/1/2026

Related Intelligence (5)

CRITICALVulnerability

New CitrixBleed-like NetScaler flaw sees exploit attempts in the wild

Citrix NetScaler appliances have been a constant target for attackers in recent years, most recently through an information leak vulnerability dubbed CitrixBleed 3, the latest in a series of NetScaler memory overreads going back to 2023. This week, Citrix patched yet another CitrixBleed-like vulnerability and there are signs of in-the-wild exploitation already. The new memory overread vulnerabilit

CVE-2026-8451CVE-2023-4966
CSO Online
MEDIUMVulnerabilityPOC

New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure

Hackers are targeting NetScaler appliances using public PoC code to retrieve arbitrary memory content in the HTTP response. The post New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure appeared first on SecurityWeek .

CVE-2026-8451
SecurityWeek
LOWVulnerability

Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service

Citrix on Tuesday released security updates to address multiple flaws in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that could be exploited by an attacker to facilitate arbitrary file reads or trigger a denial-of-service (DoS) condition. The vulnerabilities are listed below - CVE-2026-8451 (CVSS score: 8.8) - An insufficient input validation

CVE-2026-8451
The Hacker News
MEDIUMVulnerability

CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451) - watchTowr Labs

[object Object]

CVE-2026-8451
r/cybersecurity
HIGHVulnerability

NVD HIGH: CVE-2026-8451 — Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to ...

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP

CVE-2026-8451
NIST NVD

References (1)