Active Exploitation of CVE-2026-8451 in Citrix NetScaler ADC and NetScaler Gateway
Summary
Successful exploitation of CVE-2026-8451 could allow unauthenticated memory disclosure in NetScaler appliances when configured as a SAML IDP.
Affected platforms
The following platforms are known to be affected:
Threat details
Active Exploitation of CVE-2026-8451
Following the release of a public proof-of-concept exploit, security researchers have reported observing exploitation attempts of CVE-2026-8451.
The NHS England National CSOC assesses further exploitation as almost certain.
Introduction
Citrix has released a security advisory to address a high-severity vulnerability in NetScaler ADC and NetScaler Gateway. Successful exploitation could allow an unauthenticated attacker to achieve memory disclosure in NetScaler appliances when configured as a SAML IDP.
- CVE-2026-8451 – Out-of-bounds Read (CWE-125) – CVSSv4 score: 8.8.
Threat updates
| Date | Update |
|---|---|
| 3 Jul 2026 | Active Exploitation of CVE-2026-8451. The following sections have been updated to reflect exploitation of CVE-2026-8451: |
Remediation advice
Affected organisations are encouraged to review Citrix advisory CTX696604 and apply the relevant update as soon as possible.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 3 July 2026 10:24 am