CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-8452

criticalCVSS 9.8covered by 7 sourcesfirst seen 2026-06-30
Number: AL26-016 Date: July 2, 2026 Audience This Alert is intended for IT professionals and managers. Purpose An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested. Details The Cyber Centre is aware of a vulnerability impacting NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS (Federal Information Processing Standards) Footnote 1 Footnote 2 . In response to the vendor advisory released on June 30, 2026, the Cyber Centre released AV26-645 on June 30, 2026 Footnote 3 . Tracked as CVE-2026-8451 Footnote 4 , this vulnerability is an insufficient input validation (CWE-125) Footnote 5 vulnerability affecting many NetScaler ADC and NetScaler Gateway versions. If exploited, this vulnerability can lead to memory overread, if NetScaler ADC or NetScaler Gateway is configured as a Security Assertion Markup Language (SAML) Identity Provider (idP). The vulnerability only impacts customer-managed NetScaler ADC and NetScaler Gateway. The cloud services managed by Citrix have been upgraded with the necessary software updates related to this vulnerability. Suggested actions The Cyber Centre recommends that organizations using Citrix NetScaler ADC, NetScaler Gateway, NetScaler ADC FIPS and NFcPP Footnote 1 appliances update or upgrade the affected systems to the following versions: Affected Product Affected Versions Fixed Versions NetScaler ADC and NetScaler Gateway 14.1 14.1 before 14.1-72.61 14.1-72.61 NetScaler ADC and NetScaler Gateway 13.1 13.1 before 13.1-63.18 13.1-63.18 NetScaler ADC FIPS versions prior to 14.1-72.61 FIPS 14.1-72.61 NetScaler ADC FIPS and NDcPP versions prior to 13.1-37.272 13.1-37.272 The Cyber Centre reco

CSIRTS triage

What
Multiple vulnerabilities have been discovered in Citrix products.
Who is affected
Users of Citrix products.
Urgency
Remediation urgency is unclear due to lack of specific details.
Action
Monitor for updates from Citrix regarding these vulnerabilities.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-8452

Get an email if CVE-2026-8452 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (7)

External references

NVD record for CVE-2026-8452

CVE.org record

Embed the live status

CVE-2026-8452 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-8452 status](https://www.csirts.com/badge/CVE-2026-8452)](https://www.csirts.com/cve/CVE-2026-8452)