CitrixBleed Deepens: NetScaler Memory-Overread CVE-2026-8451 Exposed

Source: watchTowr Labs
TL;DR Summary

Security researchers reveal CVE-2026-8451, a memory overread in Citrix NetScaler appliances (ADC/Gateway) that is triggered when the appliance is configured as a SAML IdP. A lax XML attribute parser can overread input, leaking data such as IDs and assertion URLs via the NSC_TASS cookie and potentially exposing memory contents. Citrix has issued patches after extensive analysis and demonstrations by watchTowr, which highlight ongoing memory-management weaknesses in NetScaler devices.
