Citrix CTX696604: six NetScaler CVEs, CVE-2026-8451 leaks memory
Citrix's CTX696604 fixes six NetScaler ADC/Gateway CVEs on June 30. CVE-2026-8451, a pre-auth memory overread on the SAML IdP path, echoes CitrixBleed 2. Patch 14.1-72.61 or 13.1-63.18.
Citrix published bulletin CTX696604 on June 30, 2026, fixing six CVEs in NetScaler ADC and NetScaler Gateway. Three of the six sit at CVSS 8.8, and one of those, CVE-2026-8451, is a pre-auth memory overread on the SAML IdP endpoint: the same threat shape as CitrixBleed 2 (CVE-2025-5777), which CISA added to KEV in July 2025 after mass exploitation. Discovery credit for CVE-2026-8451 goes to watchTowr Labs, whose write-up documents the parser bug in detail.
Affected versions
The bulletin lists the same window for every CVE:
- NetScaler ADC and Gateway 14.1 before 14.1-72.61
- NetScaler ADC and Gateway 13.1 before 13.1-63.18
- 14.1-FIPS before 14.1-72.61 FIPS
- 13.1-FIPS and 13.1-NDcPP before 13.1-37.272
Fixed builds are 14.1-72.61, 13.1-63.18, 14.1-72.61 FIPS, and 13.1-37.272 (FIPS/NDcPP), all on the NetScaler downloads portal. Secure Private Access on-prem and hybrid deployments that ride on NetScaler are affected by transitive dependency and must move to the same fixed builds.
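As an added example (not Citrix tooling), a small Python triage that parses inventory build strings and checks them against the fixed builds listed above. The `14.1-72.61` / `13.1-37.272 FIPS` input format and the sample hostnames are assumptions, not from the bulletin.

```python
# Added example (not Citrix tooling): triage inventory build strings against the
# fixed builds in CTX696604. The "14.1-72.61" / "13.1-37.272 FIPS" input shape is
# an assumed inventory convention, and the sample hosts below are constructed.
import re

# Fixed builds per branch from the bulletin, keyed by (release, hardened=FIPS/NDcPP).
FIXED_BUILDS = {
    ("14.1", False): (72, 61),
    ("13.1", False): (63, 18),
    ("14.1", True): (72, 61),    # 14.1-FIPS
    ("13.1", True): (37, 272),   # 13.1-FIPS and 13.1-NDcPP
}
BUILD_RE = re.compile(r"^(?:NS)?(?P<rel>1[34]\.1)[- ](?P<maj>\d+)\.(?P<min>\d+)"
                      r"(?:[ -](?P<flag>FIPS|NDcPP))?$", re.IGNORECASE)


def parse_build(s):
    """Return (release, (major, minor), hardened) or None if the string is unparseable."""
    m = BUILD_RE.match(s.strip())
    if not m:
        return None
    return m.group("rel"), (int(m.group("maj")), int(m.group("min"))), bool(m.group("flag"))


def is_affected(s):
    """True if the build predates its branch's fixed build, False if at or past it,
    None if the string is not a branch the bulletin covers (e.g. 12.1)."""
    parsed = parse_build(s)
    if parsed is None:
        return None
    rel, build, hardened = parsed
    fixed = FIXED_BUILDS.get((rel, hardened))
    return None if fixed is None else build < fixed


def triage(inventory):
    """Map hostname -> 'patch', 'fixed' or 'unknown' for a whole fleet."""
    verdicts = {}
    for host, build in inventory.items():
        affected = is_affected(build)
        verdicts[host] = "unknown" if affected is None else ("patch" if affected else "fixed")
    return verdicts


if __name__ == "__main__":
    sample = {"ns-dmz-01": "14.1-72.61", "ns-dmz-02": "14.1-65.39",
              "ns-gw-01": "13.1-63.18", "ns-fips-01": "13.1-37.250 FIPS",
              "ns-lab-01": "12.1-65.25"}
    for host, verdict in triage(sample).items():
        print(host, verdict)
```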
The six CVEs
| CVE | CVSS | Class | Precondition |
|---|---|---|---|
| CVE-2026-8451 | 8.8 | Pre-auth memory overread | SAML IdP configured |
| CVE-2026-8452 | 8.8 | Memory overflow → DoS | Gateway or AAA vserver |
| CVE-2026-8655 | 8.8 | Memory overflow | Various LB / DNS configs |
| CVE-2026-13474 | 8.7 | HTTP/2 Bomb DoS | HTTP/2 enabled on vserver / service |
| CVE-2026-10816 | 7.7 | Unauth arbitrary file read | Management access on NSIP / CLIP / SNIP |
| CVE-2026-10817 | 6.9 | Memory overread | TCP timestamp handling |
The two highest-impact entries are CVE-2026-8451 and CVE-2026-10816. Both are unauthenticated over the network. Both leak configuration- or memory-resident secrets.
CVE-2026-8451 — the CitrixBleed-shaped one
Per the watchTowr research, the bug is in NetScaler's XML parser for SAML authentication requests on the /saml/login endpoint. For unquoted attribute values the custom parser stops reading on a null byte, >, or matching quote — not on whitespace or newline. A malformed SAML attribute walks the parser past the intended buffer boundary, and the excess bytes are returned to the client inside the NSC_TASS response cookie. Leaked memory can include heap pointers useful for defeating ASLR, session fragments, and authentication tokens.
The threat model is what makes it CitrixBleed-shaped: unauthenticated, network-reachable, leaks the material used to hijack authenticated sessions. Different root cause than CVE-2025-5777 — that one was an uninitialized stack read via the login parameter on the Gateway / AAA vserver path — but the same operational consequence.
CVE-2026-13474 — HTTP/2 Bomb
Per Citrix and secondary coverage at SecurityWeek, CVE-2026-13474 is a CWE-401 "missing release of memory after effective lifetime" against HTTP/2 request handling. Malformed frames or invalid stream states leave stream state pinned; enough of them exhausts appliance resources. It fires on any virtual server (LB, CS, VPN) or service where HTTP/2 is enabled in the HTTP Profile.
Citrix ships a runtime mitigation for CVE-2026-13474 that doesn't require the version bump: set Http2SmallWndTimeout to 30 seconds in the HTTP Profile. On appliances not using an HTTP Strict Profile the default is 0, i.e. no timeout — that's the gap the DoS abuses.
Exploitation status
Citrix and the underlying research say no active exploitation observed at publication. That is not a stable status. Both the previous CitrixBleed rounds (CVE-2023-4966 in 2023 and CVE-2025-5777 in 2025) went from "patch shipped, no known exploitation" to KEV entries with confirmed session hijacking inside weeks. The watchTowr write-up ships enough detail to reproduce CVE-2026-8451 — the parser edge case is described directly, and the leak surface (NSC_TASS cookie) is named. Anyone diffing 14.1-72.61 against the prior build will land in the same code.
The CyberScoop coverage frames the disclosure as "echoes of CitrixBleed"; the operational read is that opportunistic scanning against /saml/login on internet-exposed NetScalers is a matter of days, not weeks.
Action checklist
- Patch now. Move 14.1 to 14.1-72.61, 13.1 to 13.1-63.18, FIPS/NDcPP branches to 14.1-72.61 FIPS or 13.1-37.272. The two-week window between the 2025 CitrixBleed 2 disclosure and the first mass-exploitation reports is the calibration data.
- If you can't patch this maintenance window, rotate sessions and secrets on any SAML-IdP-configured appliance now. Kill all active sessions (`kill icaconnection -all`, `kill pcoipConnection -all`, `kill aaa session -all`), then rotate the SAML signing cert and any session-bearing secret material. This is the Citrix-recommended cleanup from CitrixBleed 2 and it applies here: if bytes leaked, they leaked before the patch existed.
- Restrict management-plane exposure. For CVE-2026-10816, ensure NSIP, Cluster Management IP, and SNIP-with-management-access are not reachable from the general network. Per Citrix's own guidance, reiterated in NCSC UK's advisory, the management interface should be on a segregated network.
- Apply the HTTP/2 Bomb mitigation as an interim control. Set `Http2SmallWndTimeout` to 30 seconds on every HTTP Profile where HTTP/2 is enabled. This blunts CVE-2026-13474 while the version bump propagates through change control.
- Hunt for pre-patch abuse. If SAML IdP was configured and reachable from the internet, review authentication logs for anomalous SAML flows and any authenticated session originating from an unknown user-agent or IP block since the CVE reservation date. Session tokens leaked before patch will still work post-patch until the sessions expire or are killed.
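As an added example for the hunting step, not part of the bulletin or any vendor tooling, detection logic that groups authentication events by session id and flags a session seen from more than one source IP or user agent, or from outside an assumed baseline address block (the signature of a token leaked pre-patch and replayed). The log format, field names, hostnames and address ranges are constructed assumptions; real NetScaler syslog differs.

```python
# Added example (not Citrix tooling): flag NetScaler sessions that look reused
# after a pre-patch leak. The log lines below are constructed in a simple
# key=value shape; real NetScaler AAA/SSLVPN syslog differs, so adapt LINE_RE.
import ipaddress
import re
from collections import defaultdict

SAMPLE_LOG = """\
2026-06-28T09:12:01Z aaa_login user=alice sess=S1001 src=203.0.113.10 ua=Citrix-Workspace
2026-06-28T09:15:44Z session_use user=alice sess=S1001 src=203.0.113.10 ua=Citrix-Workspace
2026-06-29T02:03:17Z session_use user=alice sess=S1001 src=198.51.100.7 ua=python-requests/2.32
2026-06-28T11:00:09Z aaa_login user=bob sess=S1002 src=203.0.113.55 ua=Citrix-Workspace
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>\S+) user=(?P<user>\S+) "
                     r"sess=(?P<sess>\S+) src=(?P<src>\S+) ua=(?P<ua>.+)$")
# Assumed baseline of legitimate client address blocks (constructed ranges).
EXPECTED_BLOCKS = [ipaddress.ip_network("203.0.113.0/24")]


def parse_log(text):
    """Parse key=value lines into dicts, silently skipping lines that don't match."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def suspicious_sessions(events, expected=EXPECTED_BLOCKS):
    """Return {sess: [reasons]} for session ids seen from more than one source IP
    or user agent, or from a source outside the expected address blocks."""
    by_sess = defaultdict(list)
    for e in events:
        by_sess[e["sess"]].append(e)
    findings = {}
    for sess, evs in by_sess.items():
        srcs, uas = {e["src"] for e in evs}, {e["ua"] for e in evs}
        reasons = []
        if len(srcs) > 1:
            reasons.append("multiple source IPs: " + ", ".join(sorted(srcs)))
        if len(uas) > 1:
            reasons.append("user agent changed: " + ", ".join(sorted(uas)))
        outside = sorted(s for s in srcs
                         if not any(ipaddress.ip_address(s) in n for n in expected))
        if outside:
            reasons.append("source outside expected blocks: " + ", ".join(outside))
        if reasons:
            findings[sess] = reasons
    return findings


if __name__ == "__main__":
    for sess, reasons in suspicious_sessions(parse_log(SAMPLE_LOG)).items():
        print(sess, "->", "; ".join(reasons))
```

Feed it the exported log instead of `SAMPLE_LOG`, and put your real client ranges in `EXPECTED_BLOCKS`; sessions with no findings are the negative control.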
Context
Three summers in a row, the same appliance family has shipped a class of bug that hands unauthenticated attackers the material to hijack authenticated sessions: CitrixBleed in 2023, CitrixBleed 2 in 2025, and now a CitrixBleed-shaped pre-auth overread in the SAML path in 2026. The specific bug is new each time; the pattern is not. NetScaler is an internet-facing appliance, the SAML and Gateway paths handle text formats with hand-rolled parsers, and the ADC codebase carries enough legacy that this class of overread continues to surface. Any organisation running NetScaler ADC as a SAML IdP should now assume that a "no known exploitation" pre-auth memory read on that appliance is a 72-hour patch job, full stop.
For the wider picture, CTX696604 lands the day after CISA and multiple national CERTs — NCSC UK, CERT-FR CERTFR-2026-AVI-0822, CCB Belgium, and Singapore CSA AL-2026-082 — pushed simultaneous alerts. That level of coordinated urgency is the operational signal.