CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Vulnerabilities

Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn

An out-of-bounds read vulnerability can be exploited remotely without authentication to read sensitive information from memory. The post Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn appeared first on SecurityWeek.

Citrix vulnerabilities exploited

Citrix on Monday announced patches for a critical-severity vulnerability in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that could lead to sensitive memory leaks.

The flaw is tracked as CVE-2026-3055 (CVSS score of 9.3) and is described as an out-of-bounds read issue impacting NetScaler deployments configured as a SAML Identity Provider (SAML IDP).

“Customers can determine if they have an appliance configured as a SAML IDP Profile by inspecting their NetScaler Configuration for the specified string: add authentication samlIdPProfile .*,” Citrix notes in its advisory.

Fixes for the security defect were included in NetScaler ADC and NetScaler Gateway versions 14.1-66.59, 13.1-62.23, and 13.1-NDcPP 13.1.37.262.

The security updates also resolve CVE-2026-4368, a high-severity race condition issue that could lead to ‘user session mixup’ if the appliances are configured as gateways or AAA virtual servers.

The company says the critical vulnerability was discovered through its ongoing security reviews and makes no mention of either of the two flaws being exploited in the wild, but urges customers to apply the patches as soon as possible.

According to security researchers, however, CVE-2026-3055 should not be treated lightly. In fact, watchTowr CEO and founder Benjamin Harris points out that the bug “sounds suspiciously similar to CitrixBleed and CitrixBleed2, which continue to represent a trauma event for many”.

Harris also warns that the bug could allow unauthenticated attackers to leak and read sensitive memory from vulnerable deployments and that exploitation is likely to start soon.

Pointing out that “there is no known in-the-wild exploitation and no public proof-of-concept (PoC) available” now, Rapid7 also believes that attacks targeting CVE-2026-3055 could start as soon as exploitation code becomes public.

The security firm also notes that the SAML IDP configuration required for successful exploitation is likely very common among organizations that use single sign-on.

“NetScalers are critical solutions that have been continuously targeted for initial access into enterprise environments. Defenders need to act quickly. Anyone running impacted versions needs to patch urgently. Imminent exploitation is highly likely,” Harris said.

Related: QNAP Patches Four Vulnerabilities Exploited at Pwn2Own

Related: Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability

Related: Apple Debuts Background Security Improvements With Fresh WebKit Patches

Related: Citrix Patches Exploited NetScaler Zero-Day

Latest News

CYBERNEWSMEDIAPublisher