By Sergiu Gatlan
Publication Date: 2026-03-31 07:05:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their Citrix NetScaler appliances against an actively exploited vulnerability by Thursday.
Multiple cybersecurity companies flagged the flaw (CVE-2026-3055) as posing an increased risk of exploitation after Citrix released security updates on March 23, noting a technical resemblance to the widely exploited ‘CitrixBleed’ and ‘CitrixBleed2’ security issues.
The security bug stems from insufficient input validation and can be exploited remotely, without authentication, to read sensitive information from Citrix ADC or Citrix Gateway appliances configured as SAML identity providers (IdPs).
Cybersecurity firm Watchtowr also reported that the vulnerability was already being abused in the wild within days of Citrix issuing patches, warning that attackers can use it to steal admin authentication session IDs, potentially enabling a full takeover of unpatched NetScaler appliances.
While…