By Sergiu Gatlan
Publication Date: 2026-03-25 15:52:00
Citrix has patched two vulnerabilities affecting NetScaler ADC networking appliances and NetScaler Gateway secure remote access solutions, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years.
The critical security bug (tracked as CVE-2026-3055) stems from insufficient input validation, which can lead to a memory overread on Citrix ADC or Citrix Gateway appliances configured as a SAML identity provider (IDP), potentially enabling remote attackers without privileges to steal sensitive information such as session tokens.
“Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible,” the company warned in a Monday advisory.
Citrix has also shared detailed guidance on how to identify and patch NetScaler instances vulnerable to CVE-2026-3055.
The company also patched the CVE-2026-4368 vulnerability affecting…