Particle.news

Citrix Patches Six NetScaler Flaws Including High-Severity SAML Memory Bug

The fixes address memory-disclosure, file-read and HTTP/2 denial-of-service bugs rooted in fragile NetScaler memory handling; one of the issues needs a configuration change on top of the updated builds before it is fully mitigated.

Overview

  • Citrix released patches Tuesday for six vulnerabilities in NetScaler ADC and NetScaler Gateway, assigning CVSS scores from 6.9 to 8.8 and shipping fixed builds for supported 13.1 and 14.1 lines.
  • The most severe bug, CVE-2026-8451, was reported by watchTowr and causes out-of-bounds memory reads when NetScaler is configured as a SAML identity provider, a flaw that shares a root cause with a March vulnerability (CVE-2026-3055).
  • Other defects allow unauthenticated arbitrary file reads when management interfaces are exposed, memory overflow or overread conditions tied to TCP timestamps, and an HTTP/2-based denial-of-service that requires a manual Http2SmallWndTimeout change in some deployments.
  • There was no confirmed exploitation of these six CVEs at disclosure, but NetScaler has more than 20 entries in CISA’s Known Exploited Vulnerabilities catalog and past flaws have been weaponized in ransomware, raising urgency for rapid updates.
  • Administrators should install Citrix's listed patched builds, check whether their deployments use NetScaler as a SAML IDP, have HTTP/2 enabled, or expose management interfaces, and follow the vendor's guidance on changing Http2SmallWndTimeout where it applies, since for that issue the build update alone does not fully mitigate the problem.
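The first step above, confirming that a NetScaler is actually on a fixed build, is where fleet checks most often go wrong: NetScaler builds such as 14.1 Build 43.50 are not safely compared as strings ("43.9" sorts after "43.50" but is the older build). The helper below, an added example that is not from the article or from Citrix, parses the banner printed by the NetScaler CLI command `show ns version` and compares it numerically against a per-line minimum build supplied by the caller. The sample banner and the fixed-build numbers in it are constructed placeholders, not the builds listed in Citrix's bulletin, which you should take from the vendor advisory.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed sample of `show ns version` output in the format NetScaler prints.
# The build number is a placeholder, NOT a fixed build from the advisory.
SAMPLE_SHOW_NS_VERSION = (
    "\tNetScaler NS14.1: Build 43.50.nc, Date: Jan 10 2026, 12:34:56   (64-bit)\n"
    " Done\n"
)

# Matches "NetScaler NS<line-major>.<line-minor>: Build <major>.<minor>..."
_VERSION_RE = re.compile(r"NetScaler NS(\d+)\.(\d+): Build (\d+)\.(\d+)")

Build = Tuple[int, int]


def parse_ns_version(output: str) -> Optional[Tuple[str, Build]]:
    """Extract (release line, build) from `show ns version` output.

    Example: the sample above yields ("14.1", (43, 50)).
    Returns None when no NetScaler banner is present so the caller can
    distinguish "could not determine" from "vulnerable".
    """
    m = _VERSION_RE.search(output)
    if not m:
        return None
    line = f"{m.group(1)}.{m.group(2)}"
    build: Build = (int(m.group(3)), int(m.group(4)))
    return line, build


def is_patched(output: str, fixed_builds: Dict[str, Build]) -> Optional[bool]:
    """Compare the running build with the minimum fixed build for its line.

    fixed_builds maps a release line ("13.1", "14.1") to the (major, minor)
    build from the vendor bulletin; the values passed in tests below are
    placeholders. Integer tuples compare component-wise, so (43, 9) < (43, 50)
    as it should, whereas the strings "43.9" and "43.50" would compare the
    other way round. Returns None for unknown output or an unlisted line
    (for instance an end-of-life release that received no fix).
    """
    parsed = parse_ns_version(output)
    if parsed is None:
        return None
    line, build = parsed
    if line not in fixed_builds:
        return None
    return build >= fixed_builds[line]


if __name__ == "__main__":
    # Placeholder thresholds only; substitute the builds from Citrix's bulletin.
    placeholder_fixed = {"13.1": (60, 0), "14.1": (43, 50)}
    print(parse_ns_version(SAMPLE_SHOW_NS_VERSION))
    print(is_patched(SAMPLE_SHOW_NS_VERSION, placeholder_fixed))
```

In practice you would feed the function the captured output of `show ns version` from each appliance (over SSH or from a configuration backup) and treat a `None` result as a finding in its own right, since an appliance on a line that received no fix cannot be patched at all and must be upgraded or isolated.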