Citrix NetScaler ADC and Gateway versions 14.1 and 13.1 are both vulnerable. The vulnerability, CVE-2026-3055, is an insufficient input validation flaw that results in a memory over-read. Exploitation is only possible when the appliance is configured as a SAML Identity Provider (SAML IdP).
This means that users need to install the latest updates quickly to stay safe, because it is only a matter of time before the flaw is used in the wild. Defused Cyber and watchTowr say that in-the-wild exploitation can happen at any time. The company said in a post on X.org, "When attacker reconnaissance shifts to active exploitation, the window to respond will evaporate." "Companies that use Citrix NetScaler versions and configurations that are affected need to stop using them and patch them right away."