By therecord.media
Publication Date: 2026-03-31 13:06:00
Hackers are exploiting a critical vulnerability affecting a popular line of networking appliances, according to researchers and federal cyber defenders.
The Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch CVE-2026-3055 by Thursday after incident responders began reporting exploitation over the weekend.
CVE-2026-3055 impacts Citrix NetScaler application delivery controllers (ADC) — tools that large organizations use to manage traffic and authentication. The specific part affected by the bug — the NetScaler Gateway — serves as the front door for users connecting to an organization’s environment.
The bug enables threat actors to send requests that disclose sensitive information. It carries a severity score of 9.3 out of 10, indicating a critical risk.
It was disclosed and patched by Citrix on March 23 and cybersecurity experts at watchTowr reported exploitation on Sunday.
Benjamin Harris, watchTowr’s CEO, said the…