Citrix Patches 6 NetScaler Flaws, Including 8.8-Rated File-Read and DoS Bugs
3 articles · The Hacker News · Jul 1
Summary
Citrix on Tuesday shipped fixes for six NetScaler ADC and Gateway vulnerabilities, including unauthenticated arbitrary file read and multiple denial-of-service paths, with patched builds released across 14.1, 13.1 and FIPS branches.
CVE-2026-10816 allows unauthenticated arbitrary file reads when the management interface is reachable, while the five other flaws, scored up to 8.8, can trigger memory over-reads, overflows or HTTP/2-driven service disruption in specific SAML, Gateway, DNS and load-balancing configurations.
For CVE-2026-13474, upgrading alone is not a complete fix on some systems: appliances that do not use HTTP Strict Profiles must also have Http2SmallWndTimeout set manually to 30 seconds for the patch to take full effect.
watchTowr said CVE-2026-8451 was found while reproducing March's CVE-2026-3055 and shares the same SAML parsing root cause, though the newer bug leaked only a few bytes at a time in testing.
Citrix said there is no evidence of active exploitation, but NetScaler appliances have been frequent ransomware targets, raising the urgency for customers to apply the updates.
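The Http2SmallWndTimeout requirement for CVE-2026-13474 is a post-upgrade step that is easy to miss across a fleet. The script below is an added example, not code from Citrix or The Hacker News: it scans an exported ns.conf for HTTP/2-enabled HTTP profiles that do not carry the 30-second value. The configuration lines are constructed, and the command-line token `-http2SmallWndTimeout` is an assumed spelling of the parameter named in the advisory; confirm the exact keyword on your build, and note that the script does not model the HTTP Strict Profile exemption.

```python
import re

# Constructed ns.conf excerpt (not taken from any real appliance).
# "-http2SmallWndTimeout" is an ASSUMED spelling of the Http2SmallWndTimeout
# parameter from the advisory; replace it with the real token if it differs.
SAMPLE_NS_CONF = """\
add ns httpProfile http2_front -http2 ENABLED -http2SmallWndTimeout 30
add ns httpProfile http2_legacy -http2 ENABLED
add ns httpProfile http2_short -http2 ENABLED -http2SmallWndTimeout 10
add ns httpProfile http1_only -http2 DISABLED
set ns httpProfile http2_short -http2SmallWndTimeout 30
"""

TIMEOUT_KEY = "-http2SmallWndTimeout"   # assumed parameter name
REQUIRED_TIMEOUT = 30                   # seconds, per the advisory

# Matches both "add ns httpProfile <name> ..." and "set ns httpProfile <name> ..."
PROFILE_RE = re.compile(r"^(?:add|set)\s+ns\s+httpProfile\s+(\S+)\s*(.*)$")


def parse_http_profiles(conf_text):
    """Return {profile_name: {param: value}} from ns httpProfile lines.

    Later 'set' lines overwrite earlier values for the same profile, which
    mirrors how the running config is built up from ns.conf.
    """
    profiles = {}
    for line in conf_text.splitlines():
        m = PROFILE_RE.match(line.strip())
        if not m:
            continue
        name, rest = m.group(1), m.group(2)
        params = profiles.setdefault(name, {})
        tokens = rest.split()
        i = 0
        while i < len(tokens):
            key = tokens[i]
            if key.startswith("-"):
                # A parameter either takes the next token as its value or
                # stands alone as a flag.
                if i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
                    params[key] = tokens[i + 1]
                    i += 2
                else:
                    params[key] = ""
                    i += 1
            else:
                i += 1
    return profiles


def find_unmitigated_profiles(conf_text):
    """Names of HTTP/2-enabled profiles whose timeout is missing or not 30."""
    unmitigated = []
    for name, params in parse_http_profiles(conf_text).items():
        if params.get("-http2", "DISABLED").upper() != "ENABLED":
            continue  # HTTP/1-only profiles are out of scope for this check
        value = params.get(TIMEOUT_KEY)
        if value is None or not value.isdigit() or int(value) != REQUIRED_TIMEOUT:
            unmitigated.append(name)
    return sorted(unmitigated)


if __name__ == "__main__":
    for profile in find_unmitigated_profiles(SAMPLE_NS_CONF):
        print(f"profile {profile}: HTTP/2 enabled, {TIMEOUT_KEY} not set to {REQUIRED_TIMEOUT}")
```

Run it against a saved copy of ns.conf from each appliance after the upgrade; an empty result means every HTTP/2 profile carries the expected timeout, while any name printed is a profile that still needs the manual step.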
With another 'CitrixBleed' flaw discovered, should enterprises fundamentally rethink their trust in critical network hardware?
As recurring flaws plague major vendors, could AI-driven security disrupt the billion-dollar application delivery market?
If CVSS scores are misleading, how can IT leaders prioritize cyber threats before they are actively exploited?
Citrix NetScaler Hit by CVE-2026-8451—Memory Overread Threatens Session Tokens and Credentials
Overview
On July 1, 2026, Citrix disclosed CVE-2026-8451 in NetScaler ADC and Gateway as part of a security bulletin covering several high-severity flaws. The vulnerability is a memory over-read that can disclose sensitive memory contents, in particular when the appliance is configured as a SAML Identity Provider (IdP), putting session tokens and credentials at risk. Citrix advises all customers to install the updated builds and, in some cases, apply manual configuration changes to obtain full protection.