thehackernews.com 3/28/2026, 10:18:26 AM · via preferred

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

Developing story vulnerability 11 articles tracked
Citrix NetScaler out-of-bounds read flaw (CVE-2026-3055) actively exploited
CyberSIXT Evidence Panel
Primary Source x.com
CISA KEV Not in KEV
Patch Patch Status Unknown

CITRIX NetScaler ADC and NetScaler Gateway are under active reconnaissance for CVE-2026-3055, a memory overread flaw rated CVSS 9.3 that stems from insufficient input validation. According to Defused Cyber and watchTowr, attackers are probing for exposed authentication methods, with activity targeting the /cgi/GetAuthMethods endpoint to enumerate enabled authentication flows in Citrix honeypots. Per Citrix, successful exploitation hinges on the appliance being configured as a SAML Identity Provider (SAML IDP).

The advisory notes that NetScaler ADC and NetScaler Gateway versions 14.1 before 14.1-66.59 and 13.1 before 13.1-62.23, as well as NetScaler ADC 13.1-FIPS and 13.1-NDcPP before 13.1-37.262, are affected. The piece also highlights that multiple NetScaler vulnerabilities have previously seen active exploitation, underscoring the urgency for users to update to the latest releases. Found this article interesting? follow The Hacker News for more updates as the situation evolves.

View Primary Source Via thehackernews.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline