Citrix patches a new NetScaler flaw with echoes of CitrixBleed

Citrix disclosed six vulnerabilities in NetScaler ADC and NetScaler Gateway, including CVE-2026-8451, a high-severity memory disclosure flaw linked to the same class of issues behind CitrixBleed. Researchers said the bug affects SAML authentication parsing in identity provider deployments. The other flaws include denial-of-service, arbitrary file read, and memory overread issues, and one fix requires a manual configuration change.

Key points

  • Citrix released a bulletin covering six vulnerabilities in NetScaler ADC and NetScaler Gateway.
  • CVE-2026-8451 is a memory disclosure flaw tied to SAML authentication request parsing.
  • watchTowr found the issue while reproducing CVE-2026-3055.
  • Five additional flaws can cause denial of service, arbitrary file reads, or memory overreads.
  • One fix requires administrators to manually adjust a configuration parameter after patching.

Read More: https://cyberscoop.com/citrix-netscaler-flaw-cve-2026-8451-citrixbleed/