www.infosecurity-magazine.com 3/30/2026, 11:45:04 AM · via preferred

Critical Citrix NetScaler Vulnerability Exploited in the Wild

Developing story vulnerability 11 articles tracked
Citrix NetScaler out-of-bounds read flaw (CVE-2026-3055) actively exploited
CyberSIXT Evidence Panel
CISA KEV Not in KEV
Patch Patch Status Unknown

A critical vulnerability in Citrix NetScaler ADC and NetScaler Gateway is being exploited in the wild, security researchers have confirmed. Disclosed by Citrix on 23 March as CVE-2026-3055, it is a critical out-of-bounds read with a CVSS v4.0 score of 9.3 that can let an unauthenticated remote attacker leak memory contents from the appliance.

The flaw affects NetScaler ADC and NetScaler Gateway versions 14.1 before 14.1-66.59, 13.1 before 13.1-62.23, and NetScaler ADC FIPS and NDcPP before 13.1-37.262, but only when the systems are explicitly configured as a SAML Identity Provider; default configurations are not affected. Notably, only customer-managed instances are impacted, not cloud instances managed by Citrix.

Honeypot activity and fingerprinting have indicated in-the-wild exploitation as of March 27–29, with attackers sending crafted SAMLRequest payloads to /saml/login and triggering memory leakage via the NSC_TASS cookie. Citrix, the Cloud Software Group, and agencies such as the UK’s National Cyber Security Centre have urged immediate patching, with updates including 14.1-66.59, 13.1-62.23 and later builds, and a new Global Deny List feature to enable rapid protection while upgrades are planned.

View full article

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline