DECEPTION CHECK
Threat Research · Vulnerability

CitrixBleed Comes Back to the NetScaler Front Door: CVE-2026-8451

Citrix's internet-facing NetScaler appliances have a new pre-authentication memory leak. When an appliance is set up as a SAML identity provider, a malformed login request makes it hand back fragments of its own memory. It is smaller than the original CitrixBleed, but it sits on the same devices that guard remote access into hospitals, utilities, and plant networks, and within days of disclosure it moved from proof-of-concept to active exploitation in the wild.

Deception Check  |  July 8, 2026  |  CVE-2026-8451  |  CVSS 8.8 High  |  Citrix bulletin CTX696604, disclosed 2026-06-30
The short version CVE-2026-8451 is a pre-authentication memory overread in Citrix NetScaler ADC and NetScaler Gateway, reachable only when the appliance is configured as a SAML identity provider. A remote, unauthenticated attacker sends a malformed SAML login request and the appliance returns fragments of its own memory in the response. Researchers at watchTowr, who found the bug, place it in the same "CitrixBleed" class of memory-disclosure flaws that has repeatedly been weaponized against Citrix devices, including in ransomware. This one leaks only a few bytes per request rather than the kilobytes of the 2023 original, but the leaked data can include memory pointers useful for defeating protections and chaining to code execution, and a minimal malformed request also reliably crashes the appliance. It is not on CISA's Known Exploited Vulnerabilities list as of this writing, but it did not stay theoretical: threat-intelligence vendors including CrowdSec observed the first in-the-wild exploitation on July 2, within days of disclosure, and have flagged dozens of attacking IPs since. It reached our watch through the independent proof-of-concept gate — a public PoC repository for CVE-2026-8451 was created on GitHub on July 4, 2026, and watchTowr published exploit details alongside the June 30 disclosure — and has since crossed into confirmed exploitation. We flag it because NetScaler is exactly the kind of internet-facing edge appliance that fronts remote access into critical-infrastructure networks.

What the vulnerability is

NetScaler ADC and NetScaler Gateway, formerly branded Citrix ADC, are internet-facing application-delivery and VPN appliances. They sit at the network edge and provide load balancing, authentication, single sign-on, and remote access. In many organizations the NetScaler is the front door: the box that terminates the VPN, brokers logins, and decides who gets to reach internal applications. One common deployment mode makes the appliance a SAML identity provider, so it issues the assertions other applications trust for single sign-on. CVE-2026-8451 lives in that SAML identity-provider code, and it is only reachable when that mode is configured.

8.8
CVSS, High
Pre-auth
no login required
CWE-125
out-of-bounds read

watchTowr found the flaw in late March while reproducing a separate NetScaler bug, CVE-2026-3055, that Citrix had disclosed earlier in the year and that CISA added to its Known Exploited Vulnerabilities catalog after active exploitation was confirmed within days. The two share a root cause: out-of-bounds memory reads triggered by malformed SAML requests to the appliance's authentication endpoints. As the researchers put it, memory management "continues to appear fragile" in these appliances, to the point that even a misconfiguration can leak memory.

How the exploit works

A SAML login to NetScaler begins with a client-supplied, base64-encoded XML document sent to the /saml/login endpoint. Rather than parse that XML with a hardened, well-tested library, the appliance uses a custom parser, and that is where the bug lives. When the parser reads an unquoted attribute value, it only stops when it hits a null byte, a closing >, or a matching quote. Critically, it does not treat whitespace or newlines as terminators, so a value that is left open simply keeps consuming whatever bytes come next in memory.

watchTowr showed that the AssertionConsumerServiceURL attribute could be left blank, left unterminated, and reordered within the input so that the parser runs off the end of the intended data and reads adjacent process memory. The appliance then does the truly unfortunate part: it reflects that over-read memory back to the attacker, returned inside the appliance's NSC_TASS response cookie. The attacker sends a crafted login and reads leaked memory out of the reply.

The appliance reads past the end of the attacker's own input, then hands the leftover memory back in its response. No credentials, no session, just a malformed login and whatever was sitting next in RAM.

Two honest limits keep this from being a carbon copy of the 2023 CitrixBleed. First, the over-read stops at the next control character, such as a null byte, so each request typically returns only a few bytes rather than the kilobytes the original leaked. Second, extracting anything useful takes many requests. But small and repeatable still matters, because the leaked fragments can include process pointers, and pointer leaks are precisely what an attacker needs to defeat address-space layout randomization and chain a memory-disclosure bug toward remote code execution. And there is a blunt second option: watchTowr notes that a minimal malformed request to the same endpoint reliably crashes the appliance, which turns this into a trivial, unauthenticated denial of service against the box that guards remote access.

Why an IT edge appliance lands on an OT and CI watch

We want to be precise about scope. NetScaler is IT infrastructure, not an industrial control system, and CVE-2026-8451 is not an ICS advisory. We are flagging it under our operational-technology and critical-infrastructure watch for a specific and, we think, defensible reason: NetScaler ADC and Gateway are among the internet-facing edge appliances that most often bridge into those environments. In hospitals, utilities, water systems, and manufacturers, the Citrix front door is frequently the remote-access and single-sign-on chokepoint that stands between the public internet and the internal network, including the IT-to-OT boundary. A weakness in that box is a weakness in the perimeter that protects everything behind it.

The class history is the reason to take it seriously. The original CitrixBleed, CVE-2023-4966, leaked session tokens that let attackers hijack authenticated sessions and skip multi-factor authentication, and it was weaponized quickly and broadly, including by ransomware crews against hospitals and other critical organizations. Citrix's NetScaler line has accumulated more than twenty entries in CISA's KEV catalog over the past three years, several of them tied to ransomware. CVE-2026-8451 leaks less per request than the 2023 bug, so we are not claiming it is the same caliber of session-stealing skeleton key. We are saying it belongs to a family with a long record of fast weaponization, on a device that sits exactly where a foothold does the most damage.

What we see from our sensors

We run a fleet of honeypots and edge decoys, and unlike some of the cloud-side issues we cover, this one is squarely in our lane. The vulnerability is reached by sending network traffic to an internet-facing appliance, which is exactly what our decoys are built to emulate and observe.

The observable footprint is concrete. An attacker probing for CVE-2026-8451 has to reach the SAML endpoint, so we would expect to see requests to /saml/login carrying base64-encoded SAML payloads, malformed or truncated XML in those payloads, and replies where the NSC_TASS cookie is being harvested. Scanning for NetScaler devices with SAML identity-provider mode enabled is a natural precursor, and the DoS variant, a minimal malformed request that crashes the service, has its own noisy signature. A decoy that presents as a NetScaler-style edge appliance is well placed to catch reconnaissance and early exploitation of this bug.

The honest framing We are not reporting confirmed CVE-2026-8451 captures in our own fleet as of this writing, and we will not imply we have them. What we are saying is that this is a network-reachable edge-appliance bug, which is the category our sensors are designed for, and that the indicators above are what we are watching for. If your own perimeter includes NetScaler, the same request patterns are what your web and appliance logs should be reviewed for.

How to fix or mitigate it

The primary fix is to patch to the corrected builds. Citrix disclosed the issue on June 30, 2026 in bulletin CTX696604 and released fixed versions; cloud-managed NetScaler services were updated by the vendor. Because this is a CitrixBleed-class flaw, treat patching as necessary but not automatically sufficient: consistent with guidance from prior NetScaler incidents, an appliance you believe may have been probed should have its secrets rotated and its active sessions terminated after updating, since a patch does not retroactively invalidate anything an attacker may already have pulled from memory.

Fixed versions
NetScaler ADC and Gateway 14.1-72.61 or later   ·   13.1-63.18 or later   ·   FIPS 13.1-37.272 or later

Indicators and references

TypeDetail
CVECVE-2026-8451, out-of-bounds read (CitrixBleed class), CVSS 8.8 High
ProductNetScaler ADC and NetScaler Gateway, when configured as a SAML identity provider
VectorMalformed SAML request to /saml/login; leaked memory returned in the NSC_TASS response cookie
Affected14.1 < 14.1-72.61, 13.1 < 13.1-63.18, FIPS 14.1 < 14.1-72.61 FIPS, FIPS/NDcPP 13.1 < 13.1-37.272
Fixed14.1-72.61, 13.1-63.18, FIPS 13.1-37.272; cloud-managed services updated by vendor (Citrix CTX696604)
RelatedCVE-2026-3055, shared root cause, added to CISA KEV earlier in 2026 after active exploitation
Public PoCwatchTowr published exploit details 2026-06-30; a public PoC repository was created 2026-07-04 (independent PoC-in-GitHub gate)
ExploitationUnder active exploitation in the wild from ~July 2, 2026 (CrowdSec and other threat-intel vendors); dozens of attacking IPs within days. Not on CISA KEV as of this writing
An honest caveat Our account is drawn from Citrix bulletin CTX696604, the watchTowr technical write-up, the Beazley Security advisory, CyberScoop's reporting, and the CVE record. We flagged CVE-2026-8451 when a fresh, in-window public proof-of-concept appeared for a pre-authentication flaw on an internet-facing appliance that routinely fronts critical-infrastructure networks; in the days since, it has moved into active in-the-wild exploitation, though we have not observed it in our own fleet. Two limits are worth restating plainly: this leak is a few bytes per request, not the kilobytes of the 2023 CitrixBleed, and the OT relevance is indirect, because NetScaler is IT edge infrastructure rather than a native industrial device. What earns it your attention is the combination of pre-auth reach, active in-the-wild exploitation within days of disclosure, a device class with a long ransomware history, and its position at the perimeter of the environments we watch.