A new pre-auth memory overread vulnerability, CVE-2026-8451 (CVSS 8.8), has been disclosed in Citrix NetScaler ADC and Gateway appliances configured as SAML Identity Providers. The flaw resides in the custom XML parser handling SAML AuthnRequest messages, where unquoted attribute values terminated by newlines cause the parser to read beyond the buffer boundaries. This leaked memory, which may include sensitive data or pointers, is returned to the attacker via the NSC_TASS cookie, and the issue can also be triggered to crash the nsppe process.