Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack

Citrix released security updates for NetScaler ADC and NetScaler Gateway that fix six vulnerabilities, including the HTTP/2 Bomb denial-of-service flaw. WatchTowr highlighted CVE-2026-8451 as a likely CitrixBleed-related issue that could leak sensitive memory and potentially lead to full device compromise.

Key points

  • Citrix patched six vulnerabilities in NetScaler ADC and NetScaler Gateway.
  • Four of the flaws are high-severity issues affecting memory handling and file access.
  • HTTP/2 Bomb was assigned CVE-2026-13474 for NetScaler-specific tracking.
  • CVE-2026-8451 may leak restricted memory when NetScaler is used as a SAML IDP.
  • Citrix urges customers to install the latest fixes immediately.

Read More: https://www.securityweek.com/citrix-patches-netscaler-vulnerabilities-including-new-http-2-bomb-attack/