CVE-2026-8451 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Citrix NetScaler Application Delivery Controller. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks in the 39.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Insufficient input validation in NetScaler ADC and NetScaler Gateway leads to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP.
A remote memory overread via insufficient input validation on a publicly exposed NetScaler SAML IDP service directly enables exploitation of a public-facing application.