Citrix urges admins to patch NetScaler flaws as soon as possible

Source: BleepingComputer

Author: Sergiu Gatlan

URL: https://www.bleepingcomputer.com/news/security/citrix-urges-admins-to-patch-netscaler-flaws-as-soon-as-possible/

ONE SENTENCE SUMMARY:

Citrix patched NetScaler flaws, including CitrixBleed-like memory overread, urging rapid upgrades amid widespread exposure and likely exploitation.

MAIN POINTS:

  1. Citrix released fixes for two NetScaler ADC and Gateway vulnerabilities.
  2. CVE-2026-3055 is critical, caused by insufficient input validation.
  3. The bug enables memory overread when configured as a SAML identity provider.
  4. Unprivileged remote attackers could steal sensitive data like session tokens.
  5. Citrix urged customers to install updated versions immediately.
  6. Guidance was provided to identify and remediate vulnerable NetScaler instances.
  7. CVE-2026-4368 impacts Gateway/AAA configurations via a race condition.
  8. Low-privileged attackers could trigger user session mix-ups with low-complexity exploitation.
  9. Affected versions span the 13.1 and 14.1 branches as well as the FIPS/NDcPP builds, and Citrix lists a fixed release for each line.
  10. Shadowserver reports 30,000+ ADC and 2,300+ Gateway instances exposed online.

TAKEAWAYS:

  1. Prioritize patching CVE-2026-3055 due to token leakage risk and CitrixBleed similarities.
  2. Validate whether SAML IDP is enabled, since it influences exposure to the critical flaw.
  3. Upgrade to 13.1-62.23, 14.1-66.59, or 13.1-37.262 for FIPS/NDcPP.
  4. Treat CVE-2026-4368 as a practical threat because low privileges may suffice.
  5. Assume exploit attempts will follow patch release through reverse engineering and public PoCs.
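The takeaways above amount to a triage rule: compare each appliance's build against the fixed release for its line, and treat a vulnerable build with SAML IdP enabled as exposed to CVE-2026-3055 (everything below the fixed release still needs the upgrade because of CVE-2026-4368). The following Python is an added example, not code from the article, BleepingComputer or Citrix. It assumes NetScaler version strings of the form "14.1-66.59" and that the caller already knows, from the appliance itself, whether it is a FIPS/NDcPP build and whether SAML IdP is configured; the function names, the inventory rows and the branch-to-fixed-release mapping are constructed from the versions in the summary.

```python
# Added example: version gate for the NetScaler fixed releases listed in the summary.
# Assumption: build strings look like "<major>.<minor>-<build>.<patch>", e.g. "14.1-66.59".
import re
from typing import List, NamedTuple, Optional

# Fixed releases exactly as the summary states them; (branch, is_fips) -> fixed build.
FIXED_RELEASES = {
    ("13.1", False): "13.1-62.23",
    ("14.1", False): "14.1-66.59",
    ("13.1", True): "13.1-37.262",  # FIPS/NDcPP line
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


class Version(NamedTuple):
    major: int
    minor: int
    build: int
    patch: int

    @property
    def branch(self) -> str:
        return f"{self.major}.{self.minor}"


def parse_version(text: str) -> Version:
    """Parse a NetScaler build string; raises ValueError on anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {text!r}")
    return Version(*(int(g) for g in m.groups()))


class Assessment(NamedTuple):
    version: str
    branch: str
    fips: bool
    fixed_release: Optional[str]      # None when no fixed release is listed for this line
    needs_upgrade: Optional[bool]     # None when we cannot decide
    cve_2026_3055_exposed: Optional[bool]
    note: str


def assess(version_text: str, fips: bool, saml_idp_configured: bool) -> Assessment:
    """Decide whether one appliance is below its fixed release and whether the
    SAML-IdP-dependent memory overread (CVE-2026-3055) applies to it."""
    v = parse_version(version_text)
    fixed_text = FIXED_RELEASES.get((v.branch, fips))
    if fixed_text is None:
        return Assessment(version_text, v.branch, fips, None, None, None,
                          "no fixed release listed for this line; consult the vendor advisory")
    fixed = parse_version(fixed_text)
    # Same branch, so tuple ordering reduces to (build, patch).
    below_fix = v < fixed
    exposed = below_fix and saml_idp_configured
    if not below_fix:
        note = "at or above fixed release"
    elif exposed:
        note = "below fixed release and SAML IdP enabled: token-leak risk, patch first"
    else:
        note = "below fixed release; CVE-2026-4368 still applies, schedule upgrade"
    return Assessment(version_text, v.branch, fips, fixed_text, below_fix, exposed, note)


def triage(inventory: List[dict]) -> List[Assessment]:
    """Assess an inventory and order it so exposed appliances come first."""
    results = [assess(r["version"], r["fips"], r["saml_idp"]) for r in inventory]
    return sorted(results, key=lambda a: (a.cve_2026_3055_exposed is not True,
                                          a.needs_upgrade is not True))


# Constructed sample inventory (hypothetical hostnames and builds, not real data).
SAMPLE_INVENTORY = [
    {"host": "ns-gw-01", "version": "14.1-66.58", "fips": False, "saml_idp": True},
    {"host": "ns-gw-02", "version": "14.1-66.59", "fips": False, "saml_idp": True},
    {"host": "ns-fips-1", "version": "13.1-37.261", "fips": True, "saml_idp": False},
    {"host": "ns-adc-07", "version": "13.1-60.10", "fips": False, "saml_idp": False},
    {"host": "ns-old-3", "version": "13.0-92.1", "fips": False, "saml_idp": True},
]

if __name__ == "__main__":
    for a in triage(SAMPLE_INVENTORY):
        print(f"{a.version:<12} fips={a.fips!s:<5} fixed={a.fixed_release} -> {a.note}")
```

Running the module prints the sample inventory with the SAML-enabled, unpatched appliance at the top; a build on a line the summary does not cover (such as a 13.0 appliance) is reported as undecided rather than silently marked safe.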