CVE-2026-8451
HIGH EXPLOITEDNetScaler - Insufficient Input Validation Leading to Memory Overread
Title source: ruleExploitation Summary
CVE-2026-8451 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 7 public exploits from researchers including HermesNA-1, derekpreston81, watchtowrlabs.
AI-analyzed exploit summary This repository contains an auto-generated stub module for CVE-2026-8451, an insufficient input validation vulnerability in NetScaler ADC and NetScaler Gateway configured as a SAML IDP, leading to memory overread. The code lacks actual exploit implementation and only includes placeholder logic for connectivity checks.
Description
Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP
Exploits (7)
This repository contains an auto-generated stub module for CVE-2026-8451, an insufficient input validation vulnerability in NetScaler ADC and NetScaler Gateway configured as a SAML IDP, leading to memory overread. The code lacks actual exploit implementation and only includes placeholder logic for connectivity checks.
This repository contains a Python script that scans NetScaler configuration files for preconditions associated with multiple CVEs, including CVE-2026-8451. It does not exploit the vulnerabilities but detects configurations that may indicate vulnerability.
This repository contains a functional exploit for CVE-2026-8451, a memory overread vulnerability in Citrix Netscaler. The PoC sends crafted SAML requests to trigger the vulnerability and leaks memory contents via the NSC_TASS cookie.
This repository contains a functional exploit for CVE-2026-8451, a pre-authentication out-of-bounds read vulnerability in Citrix NetScaler ADC/Gateway (SAML IdP mode). The exploit sends malformed SAML AuthnRequest payloads to trigger memory leaks via XML parser mishandling, exposing sensitive process memory in HTTP responses.
This repository provides a detailed technical analysis of CVE-2026-8451, a pre-authentication memory disclosure vulnerability (CWE-125) in Citrix NetScaler ADC/Gateway configured as a SAML Identity Provider. The writeup includes root cause analysis, affected versions, patch details, and mitigation strategies but does not contain exploit code.
The repository contains no actual exploit code or technical analysis, only links to external GitHub repositories and an encrypted backup file hosted on a third-party archive service. The description is vague and lacks depth or technical details about the vulnerability mechanics.
This repository contains a functional exploit PoC for CVE-2026-8451, a memory overread vulnerability in Citrix NetScaler. The script crafts malformed SAML requests to trigger memory leaks, demonstrating the vulnerability by dumping leaked bytes from the NSC_TASS cookie.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N