A critical vulnerability (CVE-2026-8451) in Citrix NetScaler is being actively exploited. It allows attackers to perform pre-authentication memory overreads on appliances configured as SAML identity providers. The flaw poses a serious risk because it can grant attackers access before any user login. Technical details and proof-of-concept code were released, facilitating exploitation within 24 hours. Affected versions include NetScaler ADC and Gateway 14.1 prior to 14.1-72.61 and 13.1 prior to 13.1-63.18.
Citrix has provided patched versions, urging organizations to update immediately due to ongoing attacks. Incident reports indicate active exploitation attempts.
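
To sort an appliance inventory by the two conditions above (build below the fixed version, SAML identity provider role configured), the following added example, which is not Citrix's tooling, classifies each device. It assumes the version banner has the form `NS14.1: Build 66.59.nc` and that the IdP role appears in a saved `ns.conf` as an `add authentication samlIdPProfile` line; the hostnames, builds and config lines are constructed.

```python
import re

# First fixed build per branch, as stated on the page.
FIXED = {"14.1": (72, 61), "13.1": (63, 18)}

# Assumed banner shape: "NetScaler NS14.1: Build 66.59.nc, Date: ..."
VERSION_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")
# Assumed indicator of the SAML IdP role in a saved ns.conf.
SAML_IDP_RE = re.compile(r"^\s*add\s+authentication\s+samlIdPProfile\s+\S+",
                         re.IGNORECASE | re.MULTILINE)


def assess(banner, ns_conf):
    """Classify one appliance from its version banner and saved config."""
    m = VERSION_RE.search(banner)
    if not m:
        return "unknown-version"
    branch, build = m.group(1), (int(m.group(2)), int(m.group(3)))
    if branch not in FIXED:
        return "branch-not-listed"      # the page gives no fixed build for it
    if build >= FIXED[branch]:          # numeric tuple compare: 8.50 < 72.61
        return "patched"
    if SAML_IDP_RE.search(ns_conf):
        return "affected-saml-idp"      # both conditions met: patch first
    return "affected-build-no-idp"      # still below the fixed build


# Constructed sample inventory: (hostname, version banner, saved config).
IDP_CONF = ("add authentication samlIdPProfile idp_prof "
            "-assertionConsumerServiceURL https://sp.example/acs\n")
PLAIN_CONF = "add lb vserver web HTTP 192.0.2.10 80\n"
INVENTORY = [
    ("adc-01", "NetScaler NS14.1: Build 66.59.nc", IDP_CONF),
    ("adc-02", "NetScaler NS14.1: Build 8.50.nc", PLAIN_CONF),
    ("adc-03", "NetScaler NS14.1: Build 72.61.nc", IDP_CONF),
    ("adc-04", "NetScaler NS13.1: Build 62.23.nc", IDP_CONF),
    ("adc-05", "NetScaler NS12.1: Build 55.330.nc", IDP_CONF),
]


def triage(inventory):
    """Return {hostname: status} for every appliance in the inventory."""
    return {host: assess(banner, conf) for host, banner, conf in inventory}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:8} {status}")
```

A `branch-not-listed` result means only that the page names no fixed build for that branch, not that the appliance is safe.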