Citrix has issued security updates for two NetScaler vulnerabilities, including a critical memory over-read tracked as CVE-2026-3055, which can allow an unauthenticated attacker to read sensitive data from appliance memory when NetScaler is configured as a SAML Identity Provider (IdP). The flaw is rated CVSS 9.3. Citrix notes that only appliances configured as a SAML IdP are vulnerable and that default configurations are unaffected; the configuration check is to look in the running configuration (ns.conf) for the command pattern "add authentication samlIdPProfile .*". A match means the appliance is in the vulnerable role; the check says nothing about the second flaw below.
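As an added example (not from the article, Citrix or Rapid7), here is how the advisory's configuration check can be run offline against exported ns.conf files, for instance across a fleet of backups. The ns.conf excerpt is constructed for illustration; it includes a samlAction line (NetScaler acting as a SAML service provider) that must not match, because the advisory's pattern is specifically the IdP profile command.

```python
import re
import sys

# Pattern from the Citrix advisory, anchored to a line start so that only the
# "add authentication samlIdPProfile <name> ..." command matches. The capture
# group returns the profile name so a report can say *which* profile exists.
SAML_IDP_PATTERN = re.compile(r"^add authentication samlIdPProfile (\S+)", re.MULTILINE)

# Constructed ns.conf excerpt (not taken from any real appliance).
# Line 2 is a SAML *service provider* action and must not match;
# line 3 is the IdP profile the advisory's check is looking for.
SAMPLE_NS_CONF = """\
set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0
add authentication samlAction sp_okta -samlIdPCertName okta_cert -samlRedirectUrl "https://idp.example.test/sso"
add authentication samlIdPProfile corp_idp -samlIdPCertName ns_signing_cert -assertionConsumerServiceURL "https://app.example.test/acs"
add authentication samlIdPPolicy corp_idp_pol -rule true -action corp_idp
bind authentication vserver auth_vs -policy corp_idp_pol -priority 100
"""


def saml_idp_profiles(ns_conf: str) -> list[str]:
    """Return the names of every SAML IdP profile defined in an ns.conf dump."""
    return SAML_IDP_PATTERN.findall(ns_conf)


def is_saml_idp_configured(ns_conf: str) -> bool:
    """True if the configuration puts the appliance in the SAML IdP role."""
    return bool(saml_idp_profiles(ns_conf))


def check_files(paths: list[str]) -> dict[str, list[str]]:
    """Map each ns.conf path to the IdP profiles it defines (empty = not in scope)."""
    results = {}
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            results[path] = saml_idp_profiles(fh.read())
    return results


if __name__ == "__main__":
    # With no arguments, run against the constructed sample; otherwise check
    # each ns.conf path given on the command line.
    if len(sys.argv) == 1:
        print("sample:", saml_idp_profiles(SAMPLE_NS_CONF))
    else:
        for path, profiles in check_files(sys.argv[1:]).items():
            state = "SAML IdP configured" if profiles else "not a SAML IdP"
            print(f"{path}: {state} {profiles}")
```

Run it as `python check_saml_idp.py /path/to/ns.conf ...`; an appliance that reports a profile name is in the role the advisory describes and should be prioritised for the update, while an empty result only rules out CVE-2026-3055 exposure, not the race condition fixed in the same release.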
According to Rapid7, the advisory describes CVE-2026-3055 as an out-of-bounds read with no known in-the-wild exploitation at present; Citrix discovered the flaw internally, and exploitation is considered likely once exploit code is released. The second vulnerability fixed is CVE-2026-4368, a race condition rated CVSS 7.7 that can lead to session mix-ups. Customers are urged to patch immediately: memory-disclosure flaws of this kind, such as CitrixBleed (CVE-2023-4966), were widely exploited in 2023. The article is dated 24 March 2026.