Citrix patches NetScaler memory disclosure flaw echoing CitrixBleed vulnerability class
Citrix released a security bulletin addressing six vulnerabilities in NetScaler ADC and NetScaler Gateway, including CVE-2026-8451, a high-severity memory disclosure flaw discovered by watchTowr researchers that shares its root cause with the earlier, actively exploited CVE-2026-3055.
Attack Brief
Target: Citrix NetScaler ADC and NetScaler Gateway appliances
Vector: Out-of-bounds memory read via malformed SAML authentication requests in SAML identity provider mode
Attribution: Researcher disclosure (watchTowr)
Technical Details
CVE IDs: CVE-2026-8451, CVE-2026-3055
MITRE ATT&CK: T1005
Affected: NetScaler ADC and NetScaler Gateway appliances; SAML identity provider deployment mode
Impact
Confirmed Damage: Memory disclosure; denial-of-service conditions; arbitrary file reads on exposed management interfaces
Mitigation
Patches: Updated NetScaler ADC and Gateway builds per CTX696604
Workarounds: Manual configuration parameter adjustment required for HTTP/2 denial-of-service mitigation; the timeout parameter must be explicitly set to address the underlying condition
Context
Similar Attacks: CVE-2026-3055 (March 2026, added to the CISA KEV catalog with confirmed active exploitation); CitrixBleed (2023 incident establishing the memory management vulnerability class in NetScaler)