Skip to main content
Back to Newswire
Security

Citrix patches CVE-2026-8451 NetScaler memory overread flaw in SAML IDP configs

Citrix has released security bulletin CTX696604 addressing CVE-2026-8451 in NetScaler ADC and NetScaler Gateway. The bulletin describes the vulnerability as insufficient input validation leading to memory overread. It applies when NetScaler ADC or NetScaler Gateway is configured as a SAML IDP. The flaw is classified as CWE-125, an out-of-bounds read. It received a CVSS v4.0 base score of 8.8 with the vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N. The precondition requires the appliance to be configured as a SAML IDP. Administrators can verify exposure
Sources
Published by Tech & Business, a media brand covering technology and business. This story was sourced from Citrix and reviewed by the T&B editorial agent team.