
Citrix patched six NetScaler vulnerabilities on June 30. Within 48 hours, exploitation was confirmed in the wild. The headliner — CVE-2026-8451 — is a pre-authentication memory overread in NetScaler’s SAML identity provider path. No login required. Send a malformed SAML request, read session tokens out of the response cookie. Researchers have already named it CitrixBleed, because that is exactly what it is.
What CVE-2026-8451 Does
The bug lives in NetScaler’s custom XML parser, which handles SAML authentication requests when the appliance is configured as a SAML identity provider. The parser terminates unquoted attribute values on a null byte, a closing bracket, or a matching quote — but not on whitespace or newlines.
An attacker sends a bare <samlp:AuthnRequest> tag padded with spaces and a trailing newline. The parser reads past the buffer boundary into adjacent memory. That memory — which can include active session tokens, credentials, and process pointers — comes back to the attacker in the NSC_TASS response cookie. No credentials, no session, nothing required.
The process pointer leakage is worth flagging separately. Security researchers at watchTowr note it can be chained with other vulnerabilities to reach remote code execution. This is not purely an information disclosure bug.
CVSS score: 8.8. The 2023 original CitrixBleed scored 9.4 and was used to breach ICBC, Boeing’s parts division, DP World, and Allen & Overy within weeks of disclosure. Same class of bug. Patch now.
Patch Versions — And the Step Most Admins Skip
The fixed builds are:
- NetScaler ADC and NetScaler Gateway 14.1: upgrade to 14.1-72.61 or later
- NetScaler ADC and NetScaler Gateway 13.1: upgrade to 13.1-63.18 or later
- FIPS and NDcPP variants: see CTX696604 for specific builds
Patching is necessary but not sufficient. The lesson from the 2023 CitrixBleed: LockBit affiliates maintained access using session tokens harvested before the patch went in. Those tokens remained valid. After upgrading, invalidate all active sessions. If you skip that step, a pre-patch compromise may still be active.
CitrixBleed Is Now Four Bugs Deep
CVE-2026-8451 is not an isolated incident. It is the fourth member of a family:
- CVE-2023-4966 — The original CitrixBleed. CVSS 9.4. Session token leak. Used by LockBit to breach ICBC, Boeing, and DP World.
- CVE-2025-5777 — Memory read via malformed POST, 127 bytes per request, SAML session tokens.
- CVE-2026-3055 — CVSS 9.3. Two distinct overread primitives in the SAML IdP path.
- CVE-2026-8451 — This one. Exploited within 24 hours of disclosure.
The speed of exploitation is accelerating. In 2023 it took weeks for mass exploitation to begin. In 2026, CrowdSec confirmed active attempts on July 2 — two days after the patch dropped. Security researchers have been blunt about the pattern: this class of memory management failure appears endemic to NetScaler. Citrix has fixed individual parser bugs across four generations of this vulnerability class without addressing the underlying architectural issue. At some point, “patch and invalidate sessions” cannot be the entire answer.
The Other Five CVEs — Including One AI Found
The June 30 bulletin (CTX696604) covers five additional vulnerabilities:
- CVE-2026-10816 (CVSS 7.7) — Unauthenticated arbitrary file read. Exposed if your appliance has NSIP, Cluster Management IP, or SNIP with management access enabled.
- CVE-2026-8452 and CVE-2026-8655 (both CVSS 8.8) — Memory overflow leading to denial-of-service, affecting Gateway/AAA virtual servers and DNS proxy configurations.
- CVE-2026-10817 (CVSS 6.9) — Memory overread when TCP Timestamp is enabled.
- CVE-2026-13474 (CVSS 8.7) — The HTTP/2 Bomb: a denial-of-service attack that chains HPACK compression bomb with a Slowloris-style connection hold, preventing the appliance from freeing consumed memory. Discovered with help from OpenAI’s Codex, which read through code paths and identified that two separately known techniques could be composed. Patching alone is not enough — set
Http2SmallWndTimeoutto 30 seconds.
The Codex angle is worth noting. AI is now being used to surface novel vulnerability compositions — not just automate exploitation of existing ones. That shifts the timeline for how fast new attack vectors emerge after code is published.
What to Do Right Now
- Upgrade to 14.1-72.61+ or 13.1-63.18+ per CTX696604
- Invalidate all active sessions immediately after patching
- Audit your configuration: Is the appliance a SAML IdP? Is NSIP/SNIP management access internet-facing?
- Set Http2SmallWndTimeout=30s if HTTP/2 is enabled in your HTTP Profile
- Deploy detection: use the CVE_ADC_IOC_2026 preconditions checker or CrowdSec’s detection rule
- Review NSC_TASS cookie activity in logs from June 30 forward for signs of pre-patch exploitation
The original CitrixBleed taught organizations that patching after the fact is not the same as never being breached. The window between disclosure and exploitation is now measured in hours, not weeks. If your NetScaler is internet-facing and configured as a SAML IdP, assume adversaries have already looked.













