Vulnerability impacting Citrix NetScaler CVE-2026-8451
The Cyber Centre is aware of a vulnerability impacting NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS (Federal Information Processing Standards).
In response to the vendor advisory released on June 30, 2026, the Cyber Centre released AV26-645 on June 30, 2026. Tracked as CVE-2026-8451, this vulnerability is an insufficient input validation (CWE-125) vulnerability affecting many NetScaler ADC and NetScaler Gateway versions.
If exploited, this vulnerability can lead to memory overread, if NetScaler ADC or NetScaler Gateway is configured as a Security Assertion Markup Language (SAML) Identity Provider (idP).