Tech Translated

IT Security & Technology Blog

Practical IT insights for Australian businesses. Our team covers cybersecurity advisories, compliance updates, and plain-English explainers on the technology your business relies on, published regularly as the landscape shifts.

Server racks in a modern data centre — Microsoft 365 backup and cloud data protection

Citrix has pushed out fixes for six flaws in its NetScaler ADC and Gateway appliances, and one deserves your attention today. CVE-2026-8451 is a pre-authentication memory-disclosure bug that researchers say belongs to the same family as the infamous 2023 CitrixBleed breach. As reported by CyberScoop, it lets an unauthenticated attacker read chunks of an appliance’s memory — potentially including live session tokens — when NetScaler is set up as a SAML identity provider, a common single sign-on configuration. Scanning and exploit attempts were reported within a day of the 30 June disclosure.

If your business uses NetScaler ADC or Gateway for remote access or SSO, you’re in scope on 14.1 builds before 14.1-72.61 and 13.1 builds before 13.1-63.18. A leaked session token can let an attacker walk straight past multi-factor authentication — which is exactly how the original CitrixBleed fuelled ransomware campaigns. And here’s the pattern worth naming: NetScaler has now clocked more than 20 entries in the US CISA exploited-vulnerabilities catalogue in three years. Internet-facing remote-access gear — Citrix, Fortinet, the lot — is the front door attackers keep kicking in, and plenty of Australian firms, clinics and councils quietly depend on it.

What to do: upgrade affected appliances to 14.1-72.61 or 13.1-63.18 (or the matching FIPS and NDcPP builds) now, then terminate active sessions so any tokens already skimmed are useless. Check whether your appliance is running as a SAML IdP — that’s the trigger for this one. If you’re not certain what you’re running, ask your IT provider today, not next week.

At All IT Services we watch edge devices like these for our clients and patch them before they become someone’s way in. If remote access is part of how your team works, our cybersecurity team can confirm you’re covered.

Related Guide

Cybersecurity for Sydney SMBs

Explore our complete guide to protecting your business from cyber threats.

Read the Full Guide →