Citrix memory disclosure and Kemp RCE blocked by WAF
This release introduces new rules targeting critical infrastructure vulnerabilities. These include an unauthenticated memory disclosure flaw in Citrix NetScaler ADC and Gateway (CVE-2026-8451) and a high-severity pre-authentication remote code execution (RCE) vulnerability in Progress Kemp LoadMaster (CVE-2026-8037).
Key Findings
-
CVE-2026-8451: An insufficient input validation vulnerability affects Citrix NetScaler ADC and NetScaler Gateway appliances configured as a SAML Identity Provider (IdP). Remote, unauthenticated attackers can exploit this flaw by sending malformed requests to trigger a memory overread, allowing them to leak chunks of sensitive data from adjacent appliance memory.
-
CVE-2026-8037: A critical OS command injection vulnerability in Progress Kemp LoadMaster load balancers allows unauthenticated remote attackers to achieve remote code execution (RCE).
Ruleset
Rule ID
Legacy Rule ID
Description
Previous Action
New Action
Comments
Cloudflare Managed Ruleset
78826e3223b94da493a2ade876973ac4
N/A
Citrix Netscaler ADC - Insufficient Input Validation - CVE:CVE-2026-8451
Log
Block
This is a new detection.
Cloudflare Managed Ruleset
6b64d216620449fbb273d07910233f36
N/A
Progress Kemp LoadMaster - Remote Code Execution - CVE:CVE-2026-8037
Log
Block
This is a new detection.
Fetched July 14, 2026
