
CitrixBleed Deepens: NetScaler Memory-Overread CVE-2026-8451 Exposed
Security researchers reveal CVE-2026-8451, a memory overread in Citrix NetScaler appliances (ADC/Gateway) that is triggered when the appliance is configured as a SAML IdP. A lax XML attribute parser can read past the end of its input, leaking data such as IDs and assertion URLs via the NSC_TASS cookie and potentially exposing memory contents. Citrix has issued patches after extensive analysis and demonstrations by watchTowr, highlighting ongoing memory-management weaknesses in NetScaler devices.