Close Menu

    Subscribe to Updates

    Get the latest Tech news from SynapseFlow

    What's Hot

    New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure

    July 2, 2026

    Fans Furious as Netflix Uses AI to Bring Gene Wilder’s Voice Back From the Dead for Willy Wonka Reality Show

    July 2, 2026

    Dynadot domain registration service review

    July 2, 2026
    Facebook X (Twitter) Instagram
    • Homepage
    • About Us
    • Contact Us
    • Privacy Policy
    Facebook X (Twitter) Instagram YouTube
    synapseflow.co.uksynapseflow.co.uk
    • AI News & Updates
    • Cybersecurity
    • Future Tech
    • Reviews
    • Software & Apps
    • Tech Gadgets
    synapseflow.co.uksynapseflow.co.uk
    Home»Cybersecurity»New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure
    New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure
    Cybersecurity

    New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure

    The Tech GuyBy The Tech GuyJuly 2, 2026No Comments2 Mins Read0 Views
    Share
    Facebook Twitter LinkedIn Pinterest Email
    Advertisement


    Threat actors began exploiting the latest CitrixBleed-like vulnerability in NetScaler ADC and NetScaler Gateways less than 24 hours after public disclosure, Scottish cybersecurity firm Lupovis reports.

    Advertisement

    Tracked as CVE-2026-8451 (CVSS score of 8.8), the security defect was disclosed on June 30, when Citrix rolled out patches, and attack surface management company watchTowr published technical details on it.

    The bug is described as an out-of-bounds read issue affecting NetScaler appliances configured as SAML IDP and leading to memory disclosure.

    It was discovered in NetScaler’s XML parser, which did not terminate unquoted XML attribute values if they were followed by a newline character. Because of the flaw, the parser would read past the intended buffer, and NetScaler would return memory contents in the NSC_TASS cookie in an HTTP response.

    While it requires that the targeted NetScaler appliances be configured as SAML IDP, the successful exploitation of the vulnerability does not require authentication.

    Shortly after watchTowr shared details on the security hole and published a detection artefact generator, at least one threat actor started probing exposed NetScaler instances, Lupovis told SecurityWeek.

    Advertisement. Scroll to continue reading.

    Initial scanning activity originated from an IP hosted on infrastructure in Frankfurt, Germany, likely using a disposable or purpose-built scanning node.

    Multiple Lupovis sensors were targeted within a five-hour window, and a payload was immediately dropped on the sensor that responded with a 200 response.

    The payload included a “bare tag padded with 476 spaces followed by a newline”, which matches the overread variant in watchTowr’s detection artefact generator.

    On Thursday, the cybersecurity firm observed a second threat actor probing for exposed NetScaler instances from a Koapu Cloud HK IP address.

    “Both have demonstrated the same behaviour, probing for the right endpoint, upon receiving a 200 OK with the right response, they have delivered the payload immediately,” Lupovis CEO Xavier Bellekens said.

    Organizations are advised to patch their NetScaler appliances immediately, or to disable SAML IDP if patching is not possible. They should also check logs for /saml/login traffic, inspect the request values, and check NSC_TASS cookie values to identify exploitation.

    Related: Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability

    Related: CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability

    Related: Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities

    Related: Exploitation of Recent Oracle E-Business Suite Vulnerability Begins

    Advertisement
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    The Tech Guy
    • Website

    Related Posts

    FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks

    July 2, 2026

    Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors

    July 2, 2026

    Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack

    July 2, 2026

    Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings

    July 1, 2026

    Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities

    July 1, 2026

    Aflac Japan Data Breach Impacts 4.38 Million

    July 1, 2026
    Leave A Reply Cancel Reply

    Advertisement
    Top Posts

    You don’t need a NAS to self-host — I proved it with hardware from my closet

    June 7, 2026169 Views

    Spotify is giving one of its best playlists a big visual upgrade to give subscribers ‘a closer connection’ to its New Music Friday curators — and I think it could be the update it’s always needed

    June 12, 202690 Views

    The iPad Air brand makes no sense – it needs a rethink

    October 12, 202516 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Advertisement
    About Us
    About Us

    SynapseFlow brings you the latest updates in Technology, AI, and Gadgets from innovations and reviews to future trends. Stay smart, stay updated with the tech world every day!

    Our Picks

    New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure

    July 2, 2026

    Fans Furious as Netflix Uses AI to Bring Gene Wilder’s Voice Back From the Dead for Willy Wonka Reality Show

    July 2, 2026

    Dynadot domain registration service review

    July 2, 2026
    categories
    • AI News & Updates
    • Cybersecurity
    • Future Tech
    • Reviews
    • Software & Apps
    • Tech Gadgets
    Facebook X (Twitter) Instagram Pinterest YouTube Dribbble
    • Homepage
    • About Us
    • Contact Us
    • Privacy Policy
    © 2026 SynapseFlow All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.

    Ad Blocker Enabled!
    Ad Blocker Enabled!
    Our website is made possible by displaying online advertisements to our visitors. Please support us by disabling your Ad Blocker.