Dossier
WatchTowr
Coverage of WatchTowr in the Nexus archive.
CISAorganization2Citrixorganization1NetScaler ADCproduct1NetScaler Gatewayproduct1CVE-2026-8451topic1CitrixBleedtopic1Aliz Hammondperson1Michael Tuckerperson1JPMorgan Chaseorganization1Maxim Suhanovperson1cPanelorganization1CVE-2026-41940topic1Rapid7organization1KnownHostorganization1Namecheaporganization1WP Squaredtopic1
- Citrix patches a new NetScaler flaw with echoes of CitrixBleed
Citrix disclosed six vulnerabilities in NetScaler ADC and Gateway, including a high-severity memory disclosure flaw (CVE-2026-8451) linked to the CitrixBleed vulnerability class. Researchers at watchTowr and others identified the flaws, which involve memory management issues and require patching and configuration adjustments to mitigate risks.
- cPanel’s authentication bypass bug is being exploited in the wild, CISA warns
cPanel's authentication bypass vulnerability (CVE-2026-41940) is being actively exploited, affecting all supported versions since 11.40 and WP Squared. CISA added it to its KEV list, while cPanel released a patch addressing the flaw, which allows attackers to inject malicious data during login to bypass authentication.