Citrix released security updates for NetScaler ADC and NetScaler Gateway that fix six vulnerabilities, including the HTTP/2 Bomb denial-of-service flaw. WatchTowr highlighted CVE-2026-8451 as a likely CitrixBleed-related issue that could leak sensitive memory and potentially lead to full device compromise. #Citrix #NetScalerADC #NetScalerGateway #CVE-2026-8451 #HTTP2Bomb #CitrixBleed
Keypoints
- Citrix patched six vulnerabilities in NetScaler ADC and NetScaler Gateway.
- Four of the flaws are high-severity issues affecting memory handling and file access.
- HTTP/2 Bomb was assigned CVE-2026-13474 for NetScaler-specific tracking.
- CVE-2026-8451 may leak restricted memory when NetScaler is used as a SAML IDP.
- Citrix urges customers to install the latest fixes immediately.