
Another Citrix remote-access flaw is out. Patching your gateway can't wait.
A new NetScaler vulnerability disclosed on 30 June lets an attacker read the memory of an unpatched remote-access gateway. That's the kit sitting between the internet and your network.
On 30 June, Citrix disclosed a new flaw in its NetScaler ADC and NetScaler Gateway products, tracked as CVE-2026-8451 and rated 8.8 out of 10 for severity. NetScaler is the kind of appliance that sits at the edge of a network and handles remote access, letting staff log in securely from outside the office. When a device in that position has a hole in it, the network behind it is exposed.
What the flaw does
The vulnerability lets an attacker who hasn't logged in read chunks of the appliance's memory. In this class of NetScaler flaw, the leaked data can include session information, and in the worst case that is enough for an attacker to impersonate a logged-in user without ever knowing their password. It only affects gateways set up in a particular way (as a SAML identity provider), so not every NetScaler is exposed, but plenty are. It was found by researchers at watchTowr, who point out that memory handling in these appliances has been a recurring weak spot.
We've seen this pattern before
This is the latest in a run of similar memory-leak bugs in NetScaler, a class the security world nicknamed 'CitrixBleed'. An earlier one from March this year, CVE-2026-3055, shares the same root cause and was being actively exploited within days, ending up on the US government's list of known-exploited vulnerabilities. There is no confirmed exploitation of this new one yet, but that track record is the reason not to wait and find out.
What to do
Citrix has released fixed versions, and in some cases there is a configuration change to apply once you've updated. If you run NetScaler yourself, move to the latest build now. Most smaller firms don't run this kit directly, but their IT provider might, so the useful question to put to yours is a plain one: are we running any Citrix NetScaler gateways, and if so, are they patched for CVE-2026-8451? A clear yes or no tells you where you stand.
What this means for your business
Internet-facing kit like a remote-access gateway is the first place attackers look, and patching it quickly is most of the battle. We keep watch on the systems that face the outside world for the South West businesses we look after, apply security updates as they land, and can run a vulnerability scan or a security audit so you're not relying on hope. If you're not sure who's watching your gateways, that's worth sorting now.
#WEARECOBALT
Ready when you are.
Tell us what's slowing your business down. We'll tell you exactly how we'd fix it — plainly, with no obligation.