CitrixBleed Deepens: NetScaler Memory-Overread CVE-2026-8451 Exposed

TL;DR Summary
Security researchers have disclosed CVE-2026-8451, a memory overread in Citrix NetScaler appliances (ADC and Gateway) that is triggered when the appliance is configured as a SAML identity provider (IdP). A lax XML attribute parser reads past the end of its input, and the overread bytes surface in the NSC_TASS cookie, leaking data such as IDs and assertion URLs and potentially exposing further memory contents. Citrix has issued patches following extensive analysis and demonstrations by watchTowr, which highlight ongoing memory-management weaknesses in NetScaler devices.
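To make the bug class concrete, the following is an added, illustrative example and not NetScaler's code, watchTowr's code, or anything from the original article. It models a lax attribute-value scanner that looks for the closing quote without knowing where the request ends, so an unterminated `ID="..."` attribute makes it copy whatever stale bytes sit after the request in a reused buffer. The request text, the stale bytes and the buffer layout are constructed for the demonstration; the hardened variant takes the request length and rejects an attribute whose closing quote is not inside it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative only: a simplified XML attribute scanner, not NetScaler code.
 * lax_attr_value() trusts the input to be well formed and scans until it sees
 * a closing quote, so it happily walks past the logical end of the request. */
static int lax_attr_value(const char *xml, const char *name,
                          char *out, size_t outsz)
{
    const char *p = strstr(xml, name);
    if (!p) return -1;
    p += strlen(name);
    if (*p++ != '=' || *p++ != '"') return -1;
    size_t n = 0;
    /* BUG: bounded only by the output buffer, not by the request length,
     * so stale bytes after the request are copied until a quote shows up. */
    while (*p != '"' && n + 1 < outsz)
        out[n++] = *p++;
    out[n] = '\0';
    return (int)n;
}

/* Hardened: the caller passes the request length; any attribute whose closing
 * quote is not inside [xml, xml+len) is rejected instead of guessed at. */
static int bounded_attr_value(const char *xml, size_t len, const char *name,
                              char *out, size_t outsz)
{
    size_t nlen = strlen(name);
    const char *end = xml + len;
    const char *p = NULL;
    for (const char *q = xml; q + nlen + 2 <= end; q++) {
        if (memcmp(q, name, nlen) == 0 && q[nlen] == '=' && q[nlen + 1] == '"') {
            p = q + nlen + 2;
            break;
        }
    }
    if (!p) return -1;
    const char *close = memchr(p, '"', (size_t)(end - p));
    if (!close) return -1;                 /* unterminated value: reject */
    size_t n = (size_t)(close - p);
    if (n + 1 > outsz) return -1;          /* would not fit in out */
    memcpy(out, p, n);
    out[n] = '\0';
    return (int)n;
}

/* Constructed scenario (hypothetical data): a reused request buffer whose first
 * bytes hold a truncated SAML element with no closing quote, and whose tail
 * still contains bytes left behind by an earlier request. */
#define REQ   "<Response ID=\"req1"   /* truncated: closing quote never sent */
#define STALE "SECRET-COOKIE\""       /* stale bytes from a previous request */

static void fill_reused_buffer(char *buf, size_t sz, size_t *reqlen)
{
    memset(buf, 0, sz);
    *reqlen = strlen(REQ);
    memcpy(buf, REQ, *reqlen);
    memcpy(buf + *reqlen, STALE, strlen(STALE));
}

/* Runs the lax scanner over the reused buffer; returns bytes copied to out. */
static int demo_lax(char *out, size_t outsz)
{
    char buf[64];
    size_t reqlen;
    fill_reused_buffer(buf, sizeof buf, &reqlen);
    return lax_attr_value(buf, "ID", out, outsz);
}

/* Runs the bounded scanner over the same buffer with the true request length. */
static int demo_bounded(char *out, size_t outsz)
{
    char buf[64];
    size_t reqlen;
    fill_reused_buffer(buf, sizeof buf, &reqlen);
    return bounded_attr_value(buf, reqlen, "ID", out, outsz);
}

int main(void)
{
    char out[64];
    int n = demo_lax(out, sizeof out);
    printf("lax scanner     : %d bytes -> \"%s\"\n", n, out);
    n = demo_bounded(out, sizeof out);
    printf("bounded scanner : %d (negative = rejected as unterminated)\n", n);
    return 0;
}
```

The lax scanner returns the attribute value followed by the stale bytes, which is the shape of leak the summary describes: the client-supplied value and whatever was adjacent to it in memory come back together. The bounded scanner returns an error for the same input and only succeeds on a well-formed element.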
Read on watchTowr Labs