New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure

Threat actors began exploiting CVE-2026-8451 in NetScaler ADC and NetScaler Gateway appliances less than 24 hours after Citrix disclosed and patched the issue. The bug can leak memory from SAML IDP-configured systems without authentication, and early probing has already been linked to scanning from Frankfurt and Koapu Cloud HK infrastructure. #CitrixBleed #CVE-2026-8451 #NetScaler #Citrix

Key points

  • Attackers exploited CVE-2026-8451 within 24 hours of public disclosure.
  • The flaw affects NetScaler ADC and NetScaler Gateway devices configured as SAML IDP.
  • The issue is an out-of-bounds read in NetScaler’s XML parser.
  • Successful exploitation can leak memory into the NSC_TASS cookie without authentication.
  • Lupovis observed multiple probing attempts and urged immediate patching or SAML IDP disablement.

Read More: https://www.securityweek.com/new-citrixbleed-vulnerability-exploited-immediately-after-public-disclosure/