Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks

Source: The Hacker News

Author: info@thehackernews.com (The Hacker News)

URL: https://thehackernews.com/2026/03/citrix-urges-patching-critical.html

ONE SENTENCE SUMMARY:

Citrix patched two NetScaler flaws, including critical unauthenticated memory disclosure, urging rapid updates due to likely imminent exploitation.

MAIN POINTS:

  1. Citrix issued security updates for NetScaler ADC and NetScaler Gateway vulnerabilities.
  2. CVE-2026-3055 is critical (CVSS 9.3): insufficient input validation leads to a memory overread.
  3. Rapid7 describes CVE-2026-3055 as an out-of-bounds read leaking sensitive memory.
  4. Exploitation requires the appliance configured as a SAML Identity Provider profile.
  5. Customers should search their configurations for "add authentication samlIdPProfile .*" to confirm exposure.
  6. CVE-2026-4368 (7.7) is a race condition causing user session mixups.
  7. CVE-2026-4368 needs gateway or AAA server configurations to be exploitable.
  8. Confirm exposure by checking configurations for "add authentication vserver .*" or "add vpn vserver .*".
  9. Affected releases include 14.1 < 14.1-66.59 and 13.1 < 13.1-62.23.
  10. Patch urgently given NetScaler’s history of repeated exploitation (Citrix Bleed and successors).
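
An added example (not code from The Hacker News, Citrix or Rapid7) that applies the two configuration checks and the fixed-build thresholds above to a saved NetScaler configuration; the ns.conf excerpt and the "release-build" version string format (e.g. "14.1-55.34") are constructed for illustration.

```python
import re
from typing import Optional

# Fixed builds from the advisory summary: 14.1-66.59 and 13.1-62.23.
FIXED_BUILDS = {"14.1": (66, 59), "13.1": (62, 23)}

# The two configuration-line checks named in the advisory.
SAML_IDP_RE = re.compile(r"^add authentication samlIdPProfile .*", re.MULTILINE)
GATEWAY_AAA_RE = re.compile(r"^add (authentication|vpn) vserver .*", re.MULTILINE)

# Constructed sample ns.conf excerpt (not a real appliance configuration).
SAMPLE_NS_CONF = """\
set ns config -IPAddress 10.0.0.10 -netmask 255.255.255.0
add authentication samlIdPProfile idp_prof -samlIdPCertName idp_cert -samlSPCertName sp_cert
add vpn vserver gw_vs SSL 10.0.0.20 443
add authentication vserver aaa_vs SSL 10.0.0.21 443
"""


def version_vulnerable(version: str) -> Optional[bool]:
    """Return True if a 'release-build' string is below the fixed build for its
    release line, False if at or above it, and None when the release line is
    not one listed in the advisory summary (verify those separately)."""
    m = re.fullmatch(r"(\d+\.\d+)-(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognized version string: {version!r}")
    release, build = m.group(1), (int(m.group(2)), int(m.group(3)))
    fixed = FIXED_BUILDS.get(release)
    return None if fixed is None else build < fixed


def assess(ns_conf: str, version: str) -> dict:
    """Combine the patch-level check with the two config checks: a feature that
    is not configured removes that CVE's exposure even on an unpatched build."""
    unpatched = version_vulnerable(version)
    saml_idp = SAML_IDP_RE.search(ns_conf) is not None
    gateway_or_aaa = GATEWAY_AAA_RE.search(ns_conf) is not None
    return {
        "unpatched": unpatched,
        "saml_idp_configured": saml_idp,
        "gateway_or_aaa_configured": gateway_or_aaa,
        "cve_2026_3055_exposed": bool(unpatched) and saml_idp,
        "cve_2026_4368_exposed": bool(unpatched) and gateway_or_aaa,
    }


if __name__ == "__main__":
    for ver in ("14.1-55.34", "14.1-66.59"):
        print(ver, assess(SAMPLE_NS_CONF, ver))
```

On an appliance the same patterns can be applied to /nsconfig/ns.conf or to the output of "show running"; a release line the summary does not list is reported as None rather than as safe.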

TAKEAWAYS:

  1. Apply the newest NetScaler updates immediately across all impacted versions and editions.
  2. Prioritize remediation where SAML IdP is enabled, since it unlocks unauthenticated memory leakage.
  3. Treat gateway and AAA deployments as higher-risk due to session-mixup conditions.
  4. Use provided configuration-string checks to quickly scope exposure in environments.
  5. Assume high exploitation likelihood despite no confirmed in-the-wild abuse yet.