Critical Citrix NetScaler Bug Exposes Network Systems to Hacking


Citrix Urges Customers to Patch Critical NetScaler Vulnerability

Citrix has urged its customers to patch a critical-severity vulnerability in its NetScaler ADC and NetScaler Gateway products, following a warning from watchTowr CEO Benjamin Harris that exploitation is likely to begin soon.

Vulnerability Overview

The vulnerability, tracked as CVE-2026-3055 with a CVSS score of 9.3, is caused by an out-of-bounds read issue affecting NetScaler deployments configured as a SAML Identity Provider (SAML IDP).

“The bug is similar to previously identified vulnerabilities like CitrixBleed and CitrixBleed2,” Harris said. “It allows unauthenticated attackers to leak and read sensitive memory from vulnerable deployments.”

Patching Information

Citrix has released patches for this vulnerability in NetScaler ADC and NetScaler Gateway versions 14.1-66.59, 13.1-62.23, and 13.1-NDcPP 13.1.37.262.

  • Customers can determine whether an appliance is configured as a SAML IDP by searching its NetScaler configuration for the string “add authentication samlIdP.*”.
  • Rapid7 likewise urges defenders to patch without delay, given the likelihood of imminent exploitation.
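As an added example (not code from the article, Citrix or Rapid7), the following Python combines the two checks described above: whether the configuration contains the `add authentication samlIdP` marker, and whether the reported version is at or above the fixed build for its branch. The `13.1-NDcPP-37.262` version notation and the sample `ns.conf` lines are assumptions constructed for the demonstration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# First fixed builds per release branch, as stated in the article. The NDcPP entry
# reads the page's "13.1-NDcPP 13.1.37.262" as build 37.262 (an assumed notation).
FIXED_BUILDS = {
    "14.1": (66, 59),
    "13.1": (62, 23),
    "13.1-NDcPP": (37, 262),
}

# The exact marker the article tells customers to search their configuration for.
SAML_IDP_RE = re.compile(r"^add authentication samlIdP.*$", re.MULTILINE)

# Constructed sample of ns.conf lines for demonstration only; not from any real appliance.
SAMPLE_NS_CONF = """\
add ns ip 10.0.0.10 255.255.255.0 -type SNIP
add authentication samlIdPProfile idp_prof -samlIdPCertName idp_cert -samlSPCertName sp_cert
add authentication samlIdPPolicy idp_pol -rule true -action idp_prof
"""

class Triage(NamedTuple):
    saml_idp_configured: bool   # True if any "add authentication samlIdP..." line exists
    patched: Optional[bool]     # None when the branch is not covered by the advisory
    matches: List[str]          # the matching configuration lines, for the ticket

def parse_version(version: str) -> Tuple[str, Tuple[int, int]]:
    """Split '14.1-66.59' or '13.1-NDcPP-37.262' (assumed notation) into branch and build."""
    m = re.fullmatch(r"(\d+\.\d+)(-NDcPP)?-(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {version!r}")
    branch = m.group(1) + (m.group(2) or "")
    return branch, (int(m.group(3)), int(m.group(4)))

def triage(version: str, ns_conf: str) -> Triage:
    """Combine the two checks from the article: SAML IDP role and fixed build level."""
    matches = SAML_IDP_RE.findall(ns_conf)
    branch, build = parse_version(version)
    fixed = FIXED_BUILDS.get(branch)
    patched = None if fixed is None else build >= fixed  # tuple compare: build, then sub-build
    return Triage(bool(matches), patched, matches)

def is_exposed(version: str, ns_conf: str) -> bool:
    """Exposed to CVE-2026-3055 if acting as SAML IDP and not confirmed at a fixed build."""
    t = triage(version, ns_conf)
    return t.saml_idp_configured and t.patched is not True

if __name__ == "__main__":
    print(triage("14.1-66.58", SAMPLE_NS_CONF), is_exposed("14.1-66.58", SAMPLE_NS_CONF))
```

An appliance on a branch the advisory does not list is reported as exposed rather than patched, so unknown versions still surface for review.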

Related News

Citrix has already patched another vulnerability, CVE-2026-4368, a high-severity race condition that could cause user sessions to be mixed up when appliances are configured as Gateway or AAA virtual servers.

Organizations running NetScaler deployments affected by CVE-2026-3055 should patch their systems immediately to reduce the risk of exploitation. Addressing critical vulnerabilities promptly remains essential as the threat landscape continues to evolve.
