New CitrixBleed-like NetScaler flaw sees exploit attempts in the wild

Summary

Citrix has patched a new memory over-read (out-of-bounds read) vulnerability in its NetScaler appliances, tracked as CVE-2026-8451. Like the earlier "CitrixBleed" flaws, it lets unauthenticated requests leak fragments of process memory, although the amount returned per request is smaller than in those incidents. Exploitation attempts have already been observed in the wild.

IFF Assessment

FOE

A new, already-exploited vulnerability in a widely deployed edge product such as Citrix NetScaler is a direct threat to defenders. Process memory leaked from an internet-facing gateway can contain session tokens and other authentication material, which is how the earlier CitrixBleed flaws were turned into unauthorized access.

Severity

8.8 High

Citrix assigned a CVSS base score of 8.8 to this vulnerability, which falls in the High band (7.0 to 8.9). The score reflects an unauthenticated, network-reachable information leak; it does not by itself account for the fact that exploitation is already under way, so treat it as a floor when prioritizing.

CISA KEV: listed as actively exploited. Known ransomware use: Known.

Defender Context

Defenders should patch Citrix NetScaler appliances for CVE-2026-8451 as soon as possible. Exploitation attempts were seen within 24 hours of the patch release, which shows how quickly these devices are targeted once a fix (and the diff it implies) becomes public. Organizations should also review their configurations, particularly where NetScaler is used as a SAML Identity Provider, and monitor for signs of compromise. Because a memory over-read can expose session material, patching alone does not invalidate anything already leaked; treat authenticated sessions that pre-date the patch with suspicion.
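One concrete way to do the configuration review above is to audit a saved copy of the appliance's ns.conf for SAML IdP usage. The script below is an added example, not code from the article or from Citrix: it assumes you have copied /nsconfig/ns.conf off the appliance and parses the standard `add authentication samlIdPProfile`, `add authentication samlIdPPolicy` and `bind authentication vserver` lines to list which authentication vservers actually have a SAML IdP policy bound. The embedded ns.conf fragment is constructed for illustration; names and addresses are placeholders.

```shell
#!/bin/sh
# Added example: audit a NetScaler ns.conf for SAML IdP configuration.
# Assumption: the config was pulled off the appliance (e.g. scp nsroot@<ns>:/nsconfig/ns.conf .)
# and is passed in via NS_CONF. Without NS_CONF, a constructed sample is written and audited.

# Constructed sample of the relevant ns.conf lines (placeholders, not a real deployment).
write_sample_conf() {
  cat > "$1" <<'EOF'
add authentication vserver aaa_vs_corp SSL 10.0.0.10 443
add authentication vserver aaa_vs_lab SSL 10.0.0.11 443
add authentication samlIdPProfile idp_okta_prof -samlIdPCertName idp_cert -assertionConsumerServiceURL "https://sp.example.test/saml/acs" -samlIssuerName "https://ns.example.test"
add authentication samlIdPPolicy idp_okta_pol -rule true -action idp_okta_prof
bind authentication vserver aaa_vs_corp -policy idp_okta_pol -priority 100
add authentication ldapAction ldap_act -serverIP 10.0.0.50
add authentication Policy ldap_pol -rule true -action ldap_act
bind authentication vserver aaa_vs_lab -policy ldap_pol -priority 100
EOF
}

# Names of every SAML IdP profile defined in the config (one per line).
saml_idp_profiles() {
  awk '$1=="add" && $2=="authentication" && $3=="samlIdPProfile" {print $4}' "$1"
}

# Number of SAML IdP profiles; 0 means the appliance is not acting as a SAML IdP.
count_saml_idp_profiles() {
  saml_idp_profiles "$1" | wc -l | tr -d ' '
}

# Authentication vservers that have a SAML IdP policy bound.
# Follows the chain profile <- policy (-action) <- bind (-policy) so that an
# unused profile definition does not produce a false positive.
saml_idp_vservers() {
  awk '
    $1=="add" && $2=="authentication" && $3=="samlIdPProfile" { prof[$4]=1 }
    $1=="add" && $2=="authentication" && $3=="samlIdPPolicy" {
      for (i=5; i<=NF; i++) if ($i=="-action") pol[$4]=$(i+1)
    }
    $1=="bind" && $2=="authentication" && $3=="vserver" {
      for (i=5; i<=NF; i++)
        if ($i=="-policy" && ((pol[$(i+1)]) in prof)) vs[$4]=1
    }
    END { for (v in vs) print v }
  ' "$1" | sort
}

# Usage: NS_CONF=/path/to/ns.conf sh audit_saml_idp.sh
conf="${NS_CONF:-}"
if [ -z "$conf" ]; then
  conf=$(mktemp)
  write_sample_conf "$conf"
fi
echo "SAML IdP profiles defined: $(count_saml_idp_profiles "$conf")"
saml_idp_profiles "$conf" | sed 's/^/  profile: /'
saml_idp_vservers "$conf" | sed 's/^/  vserver with SAML IdP policy bound: /'
```

On the sample, only aaa_vs_corp is reported: aaa_vs_lab has an LDAP policy bound and is not an IdP-facing endpoint. Run the same script against each appliance's real ns.conf to build the list of vservers to prioritize for patching and session review.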
