—

CVE-2026-8451EXPLOITEDPATCHED

citrix · adc

Insufficient input validation leading to memory overread

Description

A vulnerability, which was classified as critical, has been found in Citrix NetScaler ADC and NetScaler Gateway. The impacted element is an unknown function. Performing a manipulation results in buffer overflow.

Affected Products

Vendor	Product	Versions
citrix	adc	14.1, 13.1, 14.1 FIPs, 13.1 FIPS and NDcPP, 14.1, 13.1

References

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604

Related News (3 articles)

Tier E

Reddit r/netsec2h ago

CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451) - watchTowr Labs

→ No new info (linked only)

Tier B

CCCS Canada4h ago

Citrix security advisory (AV26-645)

→ No new info (linked only)

Tier C

VulDB5h ago

CVE-2026-8451 | Citrix NetScaler ADC/NetScaler Gateway buffer overflow (CTX696604)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

72.6163.1837.272

CWECWE-125

PublishedJun 30, 2026

Last enriched4h agov2

Trending Score80

Source articles3

Independent3

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-8452EXP

Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service

Trending: 67

HIGHCVE-2026-13474EXP

Denial of service via malformed HTTP/2 requests

Trending: 67

HIGHCVE-2026-8655

Multiple Memory overflow vulnerabilities leading to unpredictable or erroneous behavior and Denial of Service

Trending: 48

HIGHCVE-2026-10817

Insufficient input validation leading to memory overread

Trending: 48

CRITICALCVE-2026-10816

Arbitrary File Read (Unauthenticated)

Trending: 41

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 30, 2026

Discovered by ZDM

Jun 30, 2026

Actively Exploited

Jun 30, 2026

Patch Available

Jun 30, 2026

Updated: description, severity, activelyExploited

Jun 30, 2026

Version History

Last enriched 4h ago

v2Tier C4h ago

Updated severity to CRITICAL, changed exploit availability to false, and provided a more detailed description of the vulnerability.

descriptionseverityactivelyExploited

via VulDB

v18h ago

Initial creation