
Another Citrix remote-access flaw is out. Patching your gateway can't wait.

A new NetScaler vulnerability disclosed on 30 June lets an attacker read the memory of an unpatched remote-access gateway. That's the kit sitting between the internet and your network.

2 July 2026 · 4 min read

On 30 June, Citrix disclosed a new flaw in its NetScaler ADC and NetScaler Gateway products, tracked as CVE-2026-8451 and rated 8.8 out of 10 for severity. NetScaler is the kind of appliance that sits at the edge of a network and handles remote access, letting staff log in securely from outside the office. When a device in that position has a hole in it, the network behind it is exposed.

What the flaw does

The vulnerability lets an attacker who hasn't logged in read chunks of the appliance's memory. On this class of NetScaler flaw, what leaks out can include session information, and in the worst case that is enough for an attacker to impersonate a logged-in user without ever knowing their password. It only affects gateways set up in a particular way (as a SAML identity provider), so not every NetScaler is exposed, but plenty are. It was found by researchers at watchTowr, who point out that memory handling in these appliances has been a recurring weak spot.

We've seen this pattern before

This is the latest in a run of similar memory-leak bugs in NetScaler, a class the security world nicknamed 'CitrixBleed'. An earlier one from March this year, CVE-2026-3055, shares the same root cause and was being actively exploited within days, ending up on the US government's list of known-exploited vulnerabilities. There is no confirmed exploitation of this new one yet, but that track record is the reason not to wait and find out.

What to do

Citrix has released fixed versions, and in some cases there is a configuration change to apply once you've updated. If you run NetScaler yourself, move to the latest build now. Most smaller firms don't run this kit directly, but their IT provider might, so the useful question to put to yours is a plain one: are we running any Citrix NetScaler gateways, and if so, are they patched for CVE-2026-8451? A clear yes or no tells you where you stand.

What this means for your business

Internet-facing kit like a remote-access gateway is the first place attackers look, and patching it quickly is most of the battle. We keep watch on the systems that face the outside world for the South West businesses we look after, apply security updates as they land, and can run a vulnerability scan or a security audit so you're not relying on hope. If you're not sure who's watching your gateways, that's worth sorting now.
