www.securityweek.com 3/30/2026, 9:34:23 AM · via preferred

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

U.S. CISA adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Citrix NetScaler flaw, tracked as CVE-2026-3055, to its Known Exploited Vulnerabilities (KEV) catalog, with a CVSS score of 9.3. In March, Citrix issued security updates for two NetScaler vulnerabilities, including CVE-2026-3055, which allows unauthenticated attackers to leak…

First seen 2026-03-24T13:48:16.947Z · Last seen 2026-03-31T10:15:39.177Z

CyberSIXT Evidence Panel: CISA KEV: Not in KEV · Patch status: Unknown (panel fields; the article text itself reports the CISA KEV addition)

The SecurityWeek article "Exploitation of Fresh Citrix NetScaler Vulnerability Begins" reports that in-the-wild exploitation of a fresh critical-severity flaw, tracked as CVE-2026-3055 (CVSS 9.3), started less than a week after public disclosure.

The vulnerability is described as an out-of-bounds read that leaks memory contents, which may include authenticated administrative session IDs. Citrix released fixes in NetScaler ADC and Gateway 14.1-60.58 and 13.1-62.23, and in NetScaler ADC FIPS and NDcPP 13.1-37.262; builds earlier than these on each branch are affected.

watchTowr warned that threat actors would likely start exploiting it. On Friday it reported the first active reconnaissance attempts against vulnerable NetScaler instances, and on Sunday it disclosed that active exploitation had begun. According to watchTowr, the exploitation resembles CitrixBleed2: the malicious request carries a specific parameter with no value. Evidence suggests in-the-wild exploitation began at least by 27 March.
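The first thing a defender needs from the paragraphs above is a reliable answer to "is this build fixed?", and the branch structure (14.1, standard 13.1, and the separate 13.1-37.x FIPS/NDcPP line) makes a naive string comparison wrong. The following is an added example, not code from the article or from Citrix: it encodes the fixed builds the article lists and classifies version strings against them. The `show ns version` output format ("NS14.1: Build 60.58.nc") and the inference that 13.1-37.x builds are the FIPS/NDcPP editions are assumptions, and the hostnames and builds in the sample inventory are constructed.

```python
"""Assess NetScaler build strings against the fixed builds reported for CVE-2026-3055."""
import re
from typing import Dict, List, Optional, Tuple

# Fixed builds as reported in the article: builds earlier than these on the
# same branch are affected. Keys are (branch, is_fips_or_ndcpp).
FIXED_BUILDS: Dict[Tuple[str, bool], Tuple[int, int]] = {
    ("14.1", False): (60, 58),
    ("13.1", False): (62, 23),
    ("13.1", True): (37, 262),   # NetScaler ADC FIPS / NDcPP
}

# Accepts "14.1-60.58" (advisory style) and "NS14.1: Build 60.58.nc" (the
# format `show ns version` prints; that format is assumed, not from the article).
VERSION_RE = re.compile(r"(?:NS)?(\d+\.\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[str, int, int]]:
    """Return (branch, build, sub_build), e.g. ("14.1", 60, 58), or None."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    return m.group(1), int(m.group(2)), int(m.group(3))


def assess(text: str, fips: Optional[bool] = None) -> str:
    """Classify one build as 'fixed', 'vulnerable', 'unknown' or 'unparseable'.

    fips=None infers FIPS/NDcPP from the 13.1-37.x build family, which is the
    family the article associates with those editions (an assumption); pass
    True/False explicitly when the edition is known.
    """
    parsed = parse_version(text)
    if parsed is None:
        return "unparseable"
    branch, build, sub = parsed
    if fips is None:
        fips = branch == "13.1" and build == 37
    fixed = FIXED_BUILDS.get((branch, fips))
    if fixed is None:
        # Branch not named by the article (e.g. end-of-life 12.1 or 13.0):
        # no fixed build is given, so refuse to call it safe.
        return "unknown"
    # Tuple comparison handles 60.9 < 60.58 correctly; string comparison would not.
    return "fixed" if (build, sub) >= fixed else "vulnerable"


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (host, version_string, status) for each entry, unpatched first."""
    rows = [(host, ver, assess(ver)) for host, ver in inventory.items()]
    order = {"vulnerable": 0, "unknown": 1, "unparseable": 2, "fixed": 3}
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and builds are made up.
    sample = {
        "ns-dmz-01": "NetScaler NS14.1: Build 60.58.nc, Date: Mar 10 2026",
        "ns-dmz-02": "14.1-59.19",
        "ns-core-01": "13.1-62.23",
        "ns-fips-01": "13.1-37.200",
        "ns-legacy": "13.0-92.21",
    }
    for host, ver, status in triage(sample):
        print(f"{status:11} {host:12} {ver}")
```

Treat "unknown" as actionable rather than reassuring: the article names no fixed build for older branches, so an appliance on one of them needs an upgrade path, not a pass. Because the leaked memory can include administrative session IDs, upgrading the build does not by itself invalidate a session token captured while the appliance was unpatched, so existing sessions on a just-upgraded appliance should be terminated as well.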

Article by CyberSIXT
