Back to threat alerts

CVE-2026-8451: Pre-Authentication Memory Overread in Citrix NetScaler

On June 30, 2026, Citrix released security bulletin CTX696604, addressing a suite of high-severity vulnerabilities affecting customer-managed Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway appliances.

Threat alert
July 1, 2026

The most critical of these flaws involves a memory overread vulnerability within the NetScaler Packet Processing Engine (nsppe), which can be chained to achieve unauthenticated Remote Code Execution (RCE) or easily leveraged for Denial-of-Service (DoS).

To facilitate Single Sign-On (SSO) and federated authentication, NetScaler appliances running as SAML Identity Providers (IdPs) expose an unauthenticated, internet-reachable endpoint at /saml/login. The authentication process begins when a client transmits a base64-encoded XML document containing a SAML request (<samlp:AuthnRequest>) to this endpoint. NetScaler relies on a highly optimised, custom-written XML parser designed for high-throughput packet processing. This custom parser contains a critical input validation bug when processing XML attributes.

In standard XML structures, attributes must be enclosed in single or double quotes, with white spaces or newlines acting as structural delimiters. However, the custom NetScaler parser fails to treat white spaces (\x20, \x09) or newlines (\n, \r) as terminators when encountering unquoted attribute values.

Instead, the attribute parser continues reading sequential bytes from the input buffer and only ceases processing when it encounters one of the following:

  • A null byte (\x00)
  • A closing angle bracket (>)
  • A matching quote character

An attacker can exploit this behaviour by crafting an XML document where critical attributes, such as AssertionConsumerServiceURL or ID, are deliberately left unquoted and placed at the physical end of the input stream. NetScaler packages the parsed attribute value back into an authentication session parameter and transmits it to the client. Specifically, leaked bytes from the appliance's process memory are returned to the attacker within the response traffic, embedded in the NSC_TASS cookie.

Compared to historical memory overreads in NetScaler devices, the leak characteristics of CVE-2026-8451 are constrained. Because the copy loop terminates immediately upon hitting a null byte or closing bracket, the overread is limited to a few dozen bytes per request. However, researchers have demonstrated that this returned data routinely contains binary fragments and active process pointers.

  • RCE via ASLR Bypass: These leaked pointers can be harvested to map the memory layout of the running process, providing the necessary primitive to bypass Address Space Layout Randomisation (ASLR). An attacker can chain this layout map with memory corruption vulnerabilities (such as CVE-2026-8452) to achieve reliable, unauthenticated RCE.
  • Trivial Denial of Service: Sending a minimal, malformed request to the /saml/login endpoint causes the custom parser to experience a segmentation fault if it attempts to access an unmapped or restricted memory page. Because the nsppe process handles core load-balancing, routing, and SSL termination, its termination immediately triggers a service crash.
History of "CitrixBleed" Vulnerabilities

The research firm watchTowr discovered CVE-2026-8451 while analysing the patch for a previous vulnerability (CVE-2026-3055). This highlights a broader trend of similar flaws within NetScaler's custom protocols and parsers over recent years:

  • CVE-2023-4966 (CitrixBleed 1): Unauthenticated OAuth IdP memory leak exposing active session tokens.
  • CVE-2025-5777 (CitrixBleed 2): Memory disclosure on Gateway and AAA virtual servers.
  • CVE-2025-12101 (CitrixBleed 4 / RXSS): Memory leak and cross-site scripting in authentication modules.
  • CVE-2026-3055 (Memory Overread): Pre-authentication SAML IdP parser vulnerability.
  • CVE-2026-8451 (Memory Overread): Pre-authentication SAML IdP parser unquoted attribute overread.
Remediation and Mitigation

Because vulnerability exposure for CVE-2026-8451 is strictly contingent on the appliance acting as a SAML Identity Provider (IdP), version checks alone are insufficient. Administrators must inspect the running NetScaler configuration for active SAML IdP profiles using the NetScaler CLI:

Bash: show authentication samlIdPProfile

Alternatively, search the core configuration file (ns.conf) for the following active string:

Bash: add authentication samlIdPProfile.*

If this configuration is present and the appliance is running an outdated firmware version, it is actively vulnerable to memory overreads.

The primary recommendation is to upgrade all customer-managed NetScaler ADC and Gateway appliances to the patched firmware baselines released by Citrix.

Affected Appliance Model / Family Affected Software Build Range Minimum Patched Firmware Release
NetScaler ADC & Gateway 14.1 Versions prior to 14.1-72.61 14.1-72.61 (and later releases)
NetScaler ADC & Gateway 13.1 Versions prior to 13.1-63.18 13.1-63.18 (and later releases)
NetScaler ADC FIPS 14.1 Versions prior to 14.1-72.61 FIPS 14.1-72.61 FIPS (and later releases)
NetScaler ADC FIPS & NDcPP 13.1 Versions prior to 13.1-37.272 13.1-37.272 (and later releases)

Note: Citrix-managed cloud services and Adaptive Authentication instances are automatically updated by Cloud Software Group and do not require administrator-led firmware patching.

Crucial Post-Upgrade Step (CVE-2026-13474): Firmware updates alone do not completely address the HTTP/2 resource exhaustion vulnerability included in this bulletin. Appliances not utilising HTTP Strict Profiles require manual configuration post-upgrade. Administrators must define the timeout for stalled streams using the following CLI command:

Bash: set ns httpProfile <profile_name> -http2SmallWndTimeout 30

Without setting this parameter to a non-zero value, non-strict profiles remain vulnerable to HTTP/2 denial-of-service exploits even after the appliance has been patched.


Where immediate firmware upgrades are not feasible, temporary mitigations will drastically reduce the attack surface:

  • Disable SAML IdP Functionality: If SAML IdP services are not actively required, completely disable or remove all SAML IdP profiles to close the exposed /saml/login endpoint.
  • Network Segmentation & ACLs: Restrict access to NetScaler gateway interfaces and SAML login endpoints by placing them behind upstream firewalls, VPNs, or strict IP address allowlists.
  • WAF Inspection: Configure upstream Web Application Firewalls (WAF) to inspect traffic directed to /saml/login. Implement signature-matching rules to drop SAML authentication payloads (<samlp:AuthnRequest>) that contain unquoted attribute values or anomalous attribute termination.


To detect potential exploitation attempts or layout mapping, teams should monitor the following telemetry sources:

  • Anomaly Detection in NSC_TASS Cookies: analyse the structure of outgoing NSC_TASS session cookies. Because the vulnerable parser appends leaked heap bytes directly into this cookie, the presence of raw binary formatting, non-base64 characters, or unusual byte lengths is a high-fidelity indicator of a successful memory leak.
  • Process Crash Telemetry: Monitor NetScaler system event logs for unexpected terminations or restarts of the nsppe (NetScaler Packet Processing Engine) process. Repeated crashes highly indicate denial-of-service attempts or an attacker failing to map the heap layout successfully.
  • SAML Endpoint Traffic Analysis: Audit HTTP web server logs for irregular volumetric spikes or malformed requests directed to /saml/login originating from unfamiliar external infrastructure.