By Guru Writer
Publication Date: 2026-03-27 14:24:00
A critical vulnerability in Citrix NetScaler ADC and NetScaler Gateway is drawing urgent warnings from the security community, with experts cautioning that exploitation could be imminent and that the ghost of CitrixBleed looms large over the disclosure.
Tracked as CVE-2026-3055 with a CVSS score of 9.3, the flaw is an out-of-bounds read issue affecting NetScaler deployments configured as a SAML Identity Provider (SAML IDP), allowing remote, unauthenticated attackers to read sensitive memory. Citrix has warned that the vulnerability could enable remote attackers to steal sensitive information, such as session tokens, and has strongly urged affected customers to install updated versions as soon as possible.
Fixes have been issued in NetScaler ADC and NetScaler Gateway versions 14.1-66.59, 13.1-62.23, and 13.1-NDcPP 13.1.37.262. A second flaw was also addressed: CVE-2026-4368, a race condition that can lead…
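A triage check a defender could run against the facts above, as an added example that is not from Citrix or from this article: it compares a version banner with the fixed builds listed here and looks for a SAML IdP profile in `ns.conf`. The banner format and the `add authentication samlIdPProfile` config line are assumptions drawn from general NetScaler usage, the sample inputs are constructed, and the 13.1-NDcPP build line is not handled.

```python
import re

# Fixed builds as listed in the article, keyed by release branch.
FIXED = {"14.1": (66, 59), "13.1": (62, 23)}

# Assumed banner shape, e.g. "NetScaler NS14.1: Build 60.52.nc"
VERSION_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")
# Assumed config line that makes the appliance act as a SAML IdP.
SAML_IDP_RE = re.compile(
    r"^\s*add\s+authentication\s+samlIdPProfile\s+(\S+)", re.I | re.M)

# Constructed sample inputs (not taken from any real appliance).
SAMPLE_BANNER = "NetScaler NS14.1: Build 60.52.nc"
SAMPLE_CONF = """\
add ns ip 192.0.2.10 255.255.255.0
add authentication samlIdPProfile idp_example -samlIssuerName idp.example.test
"""

def parse_build(banner):
    """Return (branch, (major, minor)) or None if the banner is unrecognised."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def saml_idp_profiles(ns_conf):
    """Names of SAML IdP profiles defined in the saved configuration."""
    return SAML_IDP_RE.findall(ns_conf)

def triage(banner, ns_conf):
    """Classify one appliance from its version banner and ns.conf text."""
    parsed = parse_build(banner)
    if parsed is None:
        return "unknown: version banner not recognised"
    branch, build = parsed
    if branch not in FIXED:
        return f"unknown: no fixed build listed in the article for {branch}"
    if build >= FIXED[branch]:
        return "patched"
    profiles = saml_idp_profiles(ns_conf)
    if profiles:
        return "exposed: unpatched, SAML IdP profile(s) " + ", ".join(profiles)
    return "unpatched: no SAML IdP profile found, upgrade anyway"

if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, SAMPLE_CONF))
```

A result of "unpatched" without a SAML IdP profile still calls for the upgrade, since a profile added later would put the appliance in the affected configuration.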