Active Exploitation of CVE-2026-8451 in Citrix NetScaler ADC and NetScaler Gateway

Summary

Successful exploitation of CVE-2026-8451 could allow unauthenticated memory disclosure in NetScaler appliances when configured as a SAML IDP.


Threat details

Active Exploitation of CVE-2026-8451

Following the release of a public proof-of-concept exploit, security researchers have reported observing exploitation attempts of CVE-2026-8451.

The NHS England National CSOC assesses further exploitation as almost certain.


Introduction

Citrix has released a security advisory to address a high-severity vulnerability in NetScaler ADC and NetScaler Gateway. Successful exploitation could allow an unauthenticated attacker to achieve memory disclosure in NetScaler appliances when configured as a SAML IDP.

  • CVE-2026-8451 – Out-of-bounds Read (CWE-125) – CVSSv4 score: 8.8.
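To triage which appliances meet the "configured as a SAML IDP" condition, the following added example (not from NHS England or Citrix) reads a saved NetScaler configuration and lists each SAML IdP profile with the authentication virtual servers it is bound to. It assumes the standard ns.conf commands `add authentication samlIdPProfile`, `add authentication samlIdPPolicy ... -action <profile>` and `bind authentication vserver ... -policy <policy>`; the sample configuration and all names in it are constructed.

```python
import shlex

# Constructed sample of a NetScaler saved configuration (ns.conf); all names are made up.
# Assumption: command syntax follows the NetScaler CLI forms named in the lead-in.
SAMPLE_NS_CONF = """\
add authentication vserver aaa_vs SSL 0.0.0.0
add authentication vserver unused_vs SSL 0.0.0.0
add authentication samlIdPProfile idp_prof -samlSPCertName sp_cert -assertionConsumerServiceURL "https://sp.example.test/acs"
add authentication samlIdPProfile orphan_prof -samlSPCertName sp_cert
add authentication samlIdPPolicy idp_pol -rule true -action idp_prof
bind authentication vserver aaa_vs -policy idp_pol -priority 100
bind authentication vserver aaa_vs -policy ldap_pol -priority 110
"""

def _opt(tokens, flag):
    """Return the value following a -flag (case-insensitive), or None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() == flag.lower():
            return tokens[i + 1]
    return None

def saml_idp_exposure(conf_text):
    """Map each SAML IdP profile to the authentication vservers that serve it."""
    profiles, policies, binds = set(), {}, []
    for line in conf_text.splitlines():
        try:
            t = shlex.split(line)
        except ValueError:
            continue  # unbalanced quotes: not one of the lines we need
        if len(t) < 4:
            continue
        head = [x.lower() for x in t[:3]]
        if head == ["add", "authentication", "samlidpprofile"]:
            profiles.add(t[3])
        elif head == ["add", "authentication", "samlidppolicy"]:
            policies[t[3]] = _opt(t, "-action")  # policy name -> profile name
        elif head == ["bind", "authentication", "vserver"]:
            binds.append((t[3], _opt(t, "-policy")))
    exposure = {p: [] for p in sorted(profiles)}
    for vserver, policy in binds:
        profile = policies.get(policy)
        if profile in exposure:
            exposure[profile].append(vserver)
    return exposure

if __name__ == "__main__":
    for profile, vservers in saml_idp_exposure(SAMPLE_NS_CONF).items():
        state = "bound to " + ", ".join(vservers) if vservers else "defined, not bound"
        print(f"SAML IdP profile {profile}: {state}")
```

An empty result means no SAML IdP profile is defined in that configuration. Any profile that is listed puts the appliance in scope for the update, and the bound virtual servers show where to look first.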

Threat updates

Date | Update
3 Jul 2026 | Active Exploitation of CVE-2026-8451

The following sections have been updated to reflect exploitation of CVE-2026-8451:

  • Title
  • Emphasis Box

Remediation advice

Affected organisations are encouraged to review Citrix advisory CTX696604 and apply the relevant update as soon as possible.



Last edited: 3 July 2026 10:24 am