Citrix NetScaler Exploit Alert: Critical Vulnerabilities Exploited


Exploitation of Fresh Citrix NetScaler Vulnerability Underway

Citrix NetScaler appliances configured as SAML Identity Providers (SAML IDPs) and running outdated software have fallen prey to in-the-wild exploitation of a recently disclosed critical-severity vulnerability, according to attack surface management firm WatchTowr.

Vulnerability Details

  • Vulnerability Identifier: CVE-2026-3055
  • CVSS Score: 9.3
  • Severity: Critical

The security defect, an out-of-bounds read issue, was reportedly discovered and addressed internally by Citrix. However, the company cautioned that threat actors were likely to capitalize on the vulnerability soon after disclosure, drawing parallels with notorious vulnerabilities like CitrixBleed and CitrixBleed2.

WatchTowr noted that initial reconnaissance against vulnerable NetScaler instances began on Friday, followed by active exploitation on Sunday. According to its findings, the exploit sends requests that omit a specific parameter; an unpatched NetScaler then processes data for that parameter even though none was supplied, and the response leaks sensitive memory contents.

Evidence indicates that in-the-wild exploitation of vulnerable NetScaler instances began no later than March 27. WatchTowr demonstrated the impact by leaking the ID of an authenticated administrative session, the kind of token an attacker can replay to take over that session, which illustrates the potential consequences of this vulnerability.

According to WatchTowr, the exploitation method resembles CitrixBleed2: a particular parameter must be absent from the request, and the appliance then returns stale memory contents. Because that memory is constantly reused by the appliance, repeated requests return different data each time, so an attacker can simply keep querying until something useful such as a session token appears.

Affected Systems

  • NetScaler ADC and Gateway: Versions prior to 14.1-60.58 and 13.1-62.23
  • ADC FIPS and NDcPP: Versions prior to 13.1-37.26
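The first practical question for anyone running NetScaler is whether a given appliance falls below the fixed builds listed above. The following script is an added example, not code from the article or from Citrix: it parses the build string reported by an appliance and compares it against the thresholds in the affected-systems list. The `show ns version` output format ("NetScaler NS14.1: Build 60.52.nc, ...") and the dash form used in the advisory ("14.1-60.58") are assumed input shapes, and the inventory at the bottom is constructed sample data. The `fips` flag is the caller's responsibility: 13.1-FIPS/NDcPP builds are numbered 37.x, so comparing one against the standard 13.1 threshold of 62.23 would wrongly flag a patched FIPS appliance as vulnerable.

```python
from __future__ import annotations

import re

# Fixed builds from the affected-systems list. A build at or above the
# threshold for its release line is patched; anything below is affected.
# 13.1-FIPS and 13.1-NDcPP share the 37.26 fix line and are tracked separately
# because their build numbers are not comparable with standard 13.1 builds.
FIXED_BUILDS: dict[tuple[str, str], tuple[int, int]] = {
    ("14.1", "standard"): (60, 58),
    ("13.1", "standard"): (62, 23),
    ("13.1", "fips"): (37, 26),
}

# Accepts both "NetScaler NS14.1: Build 60.52.nc, Date: ..." (assumed format of
# `show ns version`) and the advisory's "14.1-60.52" shorthand.
VERSION_RE = re.compile(r"(?:NS)?(\d+\.\d+)(?::\s*Build\s+|-)(\d+)\.(\d+)")


def parse_version(text: str) -> tuple[str, int, int]:
    """Return (release, build_major, build_minor), e.g. ("14.1", 60, 52)."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {text!r}")
    return m.group(1), int(m.group(2)), int(m.group(3))


def is_vulnerable(text: str, fips: bool = False) -> bool:
    """True if the build is below the fixed build for its release line.

    Raises ValueError for release lines the advisory table does not cover
    (for example end-of-life 12.1/13.0), rather than silently guessing.
    """
    release, major, minor = parse_version(text)
    branch = "fips" if fips else "standard"
    fixed = FIXED_BUILDS.get((release, branch))
    if fixed is None:
        raise ValueError(f"release {release} ({branch}) not in the advisory table")
    return (major, minor) < fixed


def triage(inventory: list[tuple[str, str, bool]]) -> dict[str, str]:
    """Map each hostname to 'vulnerable', 'patched' or 'unknown'."""
    result: dict[str, str] = {}
    for host, version_text, fips in inventory:
        try:
            result[host] = "vulnerable" if is_vulnerable(version_text, fips) else "patched"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory: (hostname, `show ns version` line, is_fips).
SAMPLE_INVENTORY: list[tuple[str, str, bool]] = [
    ("edge-gw-01", "NetScaler NS14.1: Build 60.52.nc, Date: Jan 12 2026", False),
    ("edge-gw-02", "NetScaler NS14.1: Build 60.58.nc, Date: Mar 20 2026", False),
    ("dc-adc-01", "NetScaler NS13.1: Build 62.23.nc, Date: Mar 20 2026", False),
    ("dc-adc-02", "NetScaler NS13.1: Build 58.32.nc, Date: Sep 3 2025", False),
    ("fips-adc-01", "NetScaler NS13.1: Build 37.26.nc, Date: Mar 20 2026", True),
    ("legacy-01", "NetScaler NS13.0: Build 92.21.nc, Date: Jun 1 2024", False),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12s} {status}")
```

Treat "unknown" as a finding in its own right: a release line absent from the advisory table is out of support and will not receive this fix at all, so those appliances need to be upgraded to a supported line rather than simply left off the list.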

