Citrix Patches Critical NetScaler Vulnerabilities Linked to CitrixBleed

First seen 1 Jul 2026, 10:45 UTC. Sources: Cyberscoop, Gbhackers, Heise.De, Feeds.4Sysops, Cybersecuritynews.

Citrix issued a security bulletin on June 30, 2026, addressing six vulnerabilities in NetScaler ADC and Gateway appliances, including CVE-2026-8451, which has a CVSS score of 8.8. The vulnerabilities expose affected appliances to memory overreads, arbitrary file access, and denial-of-service conditions. The most critical flaw, CVE-2026-8451, affects systems configured as SAML Identity Providers, a configuration commonly used for single sign-on. The vulnerabilities were discovered by researchers at watchTowr and others; CVE-2026-3055 was identified previously and confirmed to be actively exploited. Citrix recommends immediate patching and configuration adjustments to mitigate risks. The vulnerabilities are part of a concerning trend of memory management issues in Citrix products. The overall severity of the bulletin is rated as high, with CVSS scores ranging from 6.9 to 8.8.

Key Points:
• Citrix disclosed six vulnerabilities in NetScaler ADC and Gateway, with CVE-2026-8451 rated 8.8.
• The vulnerabilities allow memory overreads, arbitrary file access, and denial-of-service conditions.
• Immediate patching and configuration changes are recommended to mitigate risks.

Timeline

2026-03-23: CVE-2026-3055 published
A vulnerability in NetScaler was disclosed, later confirmed to be actively exploited. (Source: Cyberscoop)

2026-03-30: CVE-2026-3055 added to CISA KEV
CISA confirmed active exploitation of CVE-2026-3055 within days of its disclosure. (Source: Cyberscoop)

2026-06-30: Citrix issues security bulletin
Citrix disclosed six vulnerabilities in NetScaler ADC and Gateway, including CVE-2026-8451 with a CVSS score of 8.8. (Source: Cyberscoop)

2026-06-30: CVE-2026-8452 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database. (Source: MITRE)

2026-06-30: CVE-2026-10816 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database. (Source: MITRE)

2026-06-30: CVE-2026-10817 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database. (Source: MITRE)

2026-06-30: CVE-2026-13474 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database. (Source: MITRE)

2026-06-30: CVE-2026-8655 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database. (Source: MITRE)

2026-07-01: First public PoC for CVE-2026-8451
A proof of concept for CVE-2026-8451 was made public, highlighting its exploitability. (Source: Gbhackers)
