Skip to content
Tech News
← Back to articles

Citrix urges admins to patch NetScaler flaws as soon as possible

2026-03-25 | original
read original get NetScaler Security Patch → more articles
Why This Matters

The recent security patches for Citrix NetScaler ADC and Gateway highlight the ongoing importance of proactive vulnerability management in network infrastructure. These flaws, if exploited, could lead to data breaches and session hijacking, posing significant risks to organizations relying on these appliances. Prompt patching and vigilant security practices are essential to protect sensitive information and maintain network integrity in the evolving threat landscape.

Key Takeaways

Citrix has patched two vulnerabilities affecting NetScaler ADC networking appliances and NetScaler Gateway secure remote access solutions, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years.

The critical security bug (tracked as CVE-2026-3055) stems from insufficient input validation, which can lead to a memory overread on Citrix ADC or Citrix Gateway appliances configured as a SAML identity provider (IDP), potentially enabling remote attackers without privileges to steal sensitive information such as session tokens.

"Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible," the company warned in a Monday advisory.

Citrix has also shared detailed guidance on how to identify and patch NetScaler instances vulnerable to CVE-2026-3055.

The company also patched the CVE-2026-4368 vulnerability affecting appliances configured as Gateways (SSL VPN, ICA Proxy, CVPN, RDP proxy) or AAA virtual servers, which can enable threat actors with low privileges on the targeted system to exploit a race condition in low-complexity attacks, potentially leading to user session mix-ups.

The two flaws affect NetScaler ADC and NetScaler Gateway versions 13.1 and 14.1 (fixed in 13.1-62.23 and 14.1-66.59) and NetScaler ADC 13.1-FIPS and 13.1-NDcPP (addressed in 13.1-37.262).

Internet security watchdog group Shadowserver is currently tracking over 30,000 NetScaler ADC instances and more than 2,300 Gateway instances exposed online. However, there is currently no information regarding how many of them are using vulnerable configurations or have already been patched against attacks.

Citrix NetScaler ADC instances exposed online (Shadowserver)

Since Citrix released security updates to address the vulnerability, multiple cybersecurity companies have warned that it's critical to secure NetScaler against attacks targeting CVE-2026-3055.

Many of them have also pointed out obvious similarities to the CitrixBleed and CitrixBleed2 out-of-bounds memory-read vulnerabilities exploited in zero-day attacks in recent years.

... continue reading

Explore topics: citrix netscaler cve-2026-3055 cve-2026-4368 shadowserver
Related:
Federal data breach may be the biggest hack in US history
VPN flaws allowed Chinese hackers to compromise dozens of Ivanti customers, says report
Wave of Citrix NetScaler scans use thousands of residential proxies
Over 6,000 SmarterMail servers exposed to automated hijacking attacks
Nearly 800,000 Telnet servers exposed to remote attacks

© 2026 GoKawiil

About | Editorial Policy | Contact