ALL POSTS

Citrix NetScaler CVE-2026-3055 Under Active Attack: Sensitive Data Exposure Risk

Key Findings CVE-2026-3055 is a critical vulnerability (CVSS 9.3) in Citrix NetScaler ADC and Gateway affecting memory through an insufficient input validation flaw Attackers are actively probing the vulnerability via honeypot detection and fingerprinting authentication methods Only affects systems configured as a SAML Identity Provider, though this is a common enterprise configuration No public exploits exist yet, but in-the-wild exploitation is considered imminent Organizat

Mar 292 min read

Citrix NetScaler Critical Vulnerability Enables Unauthenticated Data Leaks - Immediate Patching Required

Key Findings Citrix released patches for two critical NetScaler vulnerabilities affecting ADC and Gateway products CVE-2026-3055 (CVSS 9.3) is a memory overread flaw allowing unauthenticated attackers to leak sensitive data from appliance memory Vulnerability only affects systems configured as SAML Identity Providers, not default configurations CVE-2026-4368 (CVSS 7.7) is a race condition causing session mix-ups in gateway and AAA server deployments No public exploits current

Mar 242 min read