CVE-2026-8451
Credible researcher, vendor patches, pre-auth, but no confirmed in-the-wild exploitation or KEV listing yet.
What: Memory overread in Citrix NetScaler ADC and Gateway when configured as SAML IDP; pre-authentication vector; no CVSS/EPSS yet published.
Why it matters: Disclosed and patched the same day (2026-06-30), after watchTowr Labs identified it as a zero-day in March. Patches are available from the vendor. The pre-auth attack surface and memory leakage on widely deployed appliances drive immediate triage urgency. Not KEV-listed yet, but coordinated researcher and vendor disclosure signals a legitimate, weaponizable flaw.
Where it's seen: watchTowr Labs disclosure with "CitrixBleed" branding; social posts emphasize the pre-auth risk and patch availability; defenders are calling for NetScaler ADC/Gateway to be patched now.
RISK: HIGH — Pre-auth memory overread on critical appliances; patches available same-day.
Description
Insufficient input validation in NetScaler ADC and NetScaler Gateway leads to a memory overread when NetScaler ADC or NetScaler Gateway is configured as a SAML IDP.