A critical vulnerability, CVE-2026-8451, affecting Citrix NetScaler ADC and Gateway appliances was exploited within 24 hours of its public disclosure on June 30, according to cybersecurity firm Lupovis. The vulnerability, which scores 8.8 on the CVSS scale, is an out-of-bounds read in NetScaler’s XML parser that allows memory disclosure without authentication. After watchTowr shared the details, threat actors began probing exposed NetScaler instances.
Organizations are strongly advised to patch affected appliances promptly or disable SAML IDP features if immediate patching isn't feasible. They should also monitor system logs for anomalous traffic.