CVE-2026-8451

Confirmed PUBLISHED

Insufficient input validation leading to memory overread

NetScaler · ADC, Gateway

Not yet in CISA KEV

Exploited in the wild Active exploitation observed PoC available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
52
Unique Attacker IPs
1
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
8.8 High EPSS 0.5%

At a Glance

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP

CVE Published
Jun 30, 2026
Exploitation Reported
Jul 01, 2026
CVSS
8.8 High
EPSS
0.5%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
NetScaler
ADC

14.1 to < 72.61

Affected
NetScaler
ADC

13.1 to < 63.18

Affected
NetScaler
ADC

14.1 FIPs to < 72.61

Affected
NetScaler
ADC

13.1 FIPS and NDcPP to < 37.272

Affected
NetScaler
Gateway

14.1 to < 72.61

Affected
NetScaler
Gateway

13.1 to < 63.18

Affected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.