
New CitrixBleed-like NetScaler flaw sees exploit attempts in the wild
Citrix NetScaler appliances have been a constant target for attackers in recent years, most recently through an information leak vulnerability dubbed CitrixBleed 3, the latest in a series of NetScaler memory overreads going back to 2023. This week, Citrix patched yet another CitrixBleed-like vulnerability and there are signs of in-the-wild exploitation already.
The new memory overread vulnerability, tracked as CVE-2026-8451, was found by researchers from security firm watchTowr who published a detailed write-up showing how unauthenticated malformed requests can result in protected process memory data being leaked back in responses.
The original CitrixBleed (CVE-2023-4966), CitrixBleed 2 (CVE...