www.securityweek.com 7/2/2026, 3:21:37 PM · external

Citrix NetScaler flaw CVE-2026-8451 exploited within hours

CyberSIXT Evidence Panel: CVE Intel
CISA KEV: Not in KEV
Patch: Available

A critical vulnerability, CVE-2026-8451, affecting Citrix NetScaler ADC and Gateway was exploited within 24 hours of its public disclosure on June 30, according to cybersecurity firm Lupovis. The vulnerability, which scores 8.8 on the CVSS scale, is an out-of-bounds read in NetScaler’s XML parser that allows memory disclosure without authentication. After watchTowr shared the details, threat actors began probing exposed NetScaler instances.

Organizations are strongly advised to patch affected appliances promptly or disable SAML IDP features if immediate patching isn't feasible. They should also monitor system logs for anomalous traffic.


Article by CyberSIXT
