← back

CVE-2026-8451

hype LIKELY HACK · 72 hack

Credible researcher, vendor patches, pre-auth, but no confirmed in-the-wild exploitation or KEV listing yet.

What: Memory overread in Citrix NetScaler ADC and Gateway when configured as SAML IDP; pre-authentication vector; no CVSS/EPSS yet published.

Why it matters: Disclosed same day (2026-06-30) after watchTowr Labs identified it as zero-day in March. Patches available from vendor. Pre-auth attack surface and memory leakage on widely-deployed appliances drives immediate triage urgency. Not KEV-listed yet but researcher + vendor coordination signals legitimate, weaponizable flaw.

Where it's seen: watchTowr Labs disclosure with "CitrixBleed" branding; social posts emphasize pre-auth risk and patch availability; defender calls to patch NetScaler ADC/Gateway now.

RISK: HIGH — Pre-auth memory overread on critical appliances; patches available same-day.

Generated by claude-haiku-4-5 from public posts and authoritative metadata. AI can make mistakes — verify against vendor advisories before acting. 6/30/2026, 11:46:18 PM

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP

Weaknesses