Citrix NetScaler Vulnerabilities Enable DoS and Memory Disclosure Attacks

Citrix NetScaler Vulnerabilities Enable DoS and Memory Disclosure Attacks

First seen 1 Jul 2026, 10:45 UTC CyberscoopGbhackersHeise.DeFeeds.4SysopsCybersecuritynews+5 90% similarity 74.0
Share:

Article Content

Browse articles
ThreatCluster

Citrix disclosed six high-severity vulnerabilities in NetScaler ADC and Gateway appliances, including CVE-2026-8451, which allows unauthenticated memory disclosure when configured as a SAML identity provider. Other vulnerabilities can lead to denial-of-service (DoS) attacks, arbitrary file access, and memory overreads. The vulnerabilities were published on June 30, 2026, with a proof-of-concept exploit for CVE-2026-8451 released on July 1, 2026. So far, there are no confirmed reports of exploitation. Affected systems include those configured for single sign-on and DNS proxy setups. Administrators are urged to apply security updates to mitigate risks.

Key Points: • Citrix disclosed six high-severity vulnerabilities in NetScaler products. • CVE-2026-8451 allows unauthenticated memory disclosure via SAML IDP configuration. • Proof-of-concept exploit for CVE-2026-8451 was released shortly after disclosure.

ThreatCluster AI

Timeline

2026-03-23
CVE-2026-3055 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-06-30
Citrix discloses multiple vulnerabilities
Citrix published a security bulletin detailing six vulnerabilities in NetScaler ADC and Gateway, rated high severity.
Cyberscoop
2026-06-30
CVE-2026-10816 published
CVE-2026-10816 was published as part of the vulnerabilities disclosed by Citrix.
Cyberscoop
2026-06-30
CVE-2026-13474 published
CVE-2026-13474 was published alongside other vulnerabilities affecting NetScaler products.
Cyberscoop
2026-06-30
CVE-2026-8452 published
CVE-2026-8452 was disclosed as part of the vulnerabilities affecting NetScaler appliances.
Cyberscoop
2026-06-30
CVE-2026-8451 published
CVE-2026-8451, a critical memory disclosure vulnerability, was published by Citrix.
Cyberscoop
2026-06-30
CVE-2026-10817 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-06-30
CVE-2026-8655 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-07-01
Proof-of-concept exploit for CVE-2026-8451 released
Security researchers released a public proof-of-concept exploit for CVE-2026-8451, increasing the urgency for patching.
Digital.Nhs.Uk

Community

Browse all →