Citrix has released security updates to fix two vulnerabilities in NetScaler ADC and NetScaler Gateway, one of them rated critical and exploitable to leak sensitive information from the appliance.
The vulnerabilities are:

* CVE-2026-3055 (CVSS score: 9.3) - Insufficient input validation leading to memory over-read
* CVE-2026-4368 (CVSS score: 7.7) - Race condition affecting user sessions

Cybersecurity company Rapid7 described CVE-2026-3055 as an out-of-bounds read that unauthenticated remote attackers could exploit to leak potentially sensitive information from the appliance's memory. The attack only works when the NetScaler ADC or NetScaler Gateway appliance is configured as a SAML Identity Provider (SAML IdP), so default configurations are not affected.
Citrix advises customers to check their NetScaler configuration for the string "add authentication samlIdPProfile .*" to determine whether the appliance is configured as a SAML IdP. CVE-2026-4368, by contrast, requires the appliance to be configured as a gateway (SSL VPN, ICA Proxy, CVPN or RDP Proxy) or as an Authentication, Authorization, and Accounting (AAA) virtual server.
Customers can check the NetScaler configuration for either of the following strings to see whether the appliance is set up as one of those nodes:

* AAA virtual server: "add authentication vserver .*"
* Gateway: "add vpn vserver .*"

The flaws affect NetScaler ADC and NetScaler Gateway versions 14.1 before 14.1-66.59 and 13.1 before 13.1-62.23, as well as NetScaler ADC 13.1-FIPS and 13.1-NDcPP before 13.1-37.262.
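As an added example (not Citrix's tooling and not part of the advisory), the POSIX shell script below applies the checks described above to a saved configuration and a build string: the SAML IdP pattern for CVE-2026-3055, the Gateway/AAA vserver patterns for CVE-2026-4368, and a comparison against the first fixed build for each branch. The configuration text is constructed for the demonstration; the function names and the "fips" flag used to select the 13.1-FIPS/NDcPP threshold are this example's own conventions.

```shell
#!/bin/sh
# Added example, not Citrix's own tooling: classify a NetScaler config
# and build string against the advisory's preconditions and fixed builds.
# The config below is constructed for the demo; on a real appliance use
# /nsconfig/ns.conf or the output of "show ns runningConfig".

SAMPLE_CONF='add authentication samlIdPProfile saml_idp_prof -samlIdPCertName cert1
add authentication vserver aaa_vs SSL 10.0.0.5 443
add vpn vserver gw_vs SSL 10.0.0.6 443
add lb vserver web_vs HTTP 10.0.0.7 80'

# Exit 0 if the config defines a SAML IdP profile (CVE-2026-3055 precondition).
saml_idp_configured() {
    printf '%s\n' "$1" | grep -Eq '^add authentication samlIdPProfile .*'
}

# Exit 0 if the config defines a Gateway or AAA vserver (CVE-2026-4368 precondition).
gateway_or_aaa_configured() {
    printf '%s\n' "$1" | grep -Eq '^add (authentication|vpn) vserver .*'
}

# Exit 0 if a build string such as 14.1-64.1 is below the first fixed build
# for its branch; pass "fips" as $2 for 13.1-FIPS / 13.1-NDcPP, whose build
# numbers cannot be told apart from standard 13.1 by the string alone.
# Exit 2 for a branch the advisory does not cover.
version_is_affected() {
    branch=${1%%-*}
    build=${1#*-}
    case "$branch:${2:-}" in
        14.1:)     fixed=66.59 ;;
        13.1:)     fixed=62.23 ;;
        13.1:fips) fixed=37.262 ;;
        *)         return 2 ;;
    esac
    # Compare BUILD.SUB numerically, component by component.
    awk -v b="$build" -v f="$fixed" 'BEGIN {
        split(b, bb, "."); split(f, ff, ".")
        if (bb[1]+0 < ff[1]+0) exit 0
        if (bb[1]+0 == ff[1]+0 && bb[2]+0 < ff[2]+0) exit 0
        exit 1
    }'
}

# Print one verdict per CVE. Returns 0 when a decision was reached and 2
# when the branch is unknown and needs manual review.
report() {
    conf=$1; ver=$2; variant=${3:-}
    version_is_affected "$ver" "$variant" && rc=0 || rc=$?
    case $rc in
        0) echo "$ver: affected build, patch to the fixed release" ;;
        1) echo "$ver: build is at or above the fixed release"; return 0 ;;
        *) echo "$ver: branch not covered by the advisory, check manually"; return 2 ;;
    esac
    saml_idp_configured "$conf" \
        && echo "CVE-2026-3055: SAML IdP profile present, exposed" \
        || echo "CVE-2026-3055: no SAML IdP profile, not exposed"
    gateway_or_aaa_configured "$conf" \
        && echo "CVE-2026-4368: Gateway/AAA vserver present, exposed" \
        || echo "CVE-2026-4368: no Gateway/AAA vserver, not exposed"
}

report "$SAMPLE_CONF" 14.1-64.1
```

The exposure checks only tell you which CVE's precondition is met; an unpatched build with neither pattern still warrants the update, since a later configuration change would expose it.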
For the best protection, users should install the latest updates as soon as possible. There is no evidence that the flaws have been exploited in the wild, but threat actors have repeatedly weaponized vulnerabilities in NetScaler appliances (CVE-2023-4966, also known as Citrix Bleed; CVE-2025-5777, also known as Citrix Bleed 2; CVE-2025-6543; and CVE-2025-7775), so users should update their instances without delay.
"CVE-2026-3055 lets attackers who don't have permission leak and read sensitive memory from NetScaler ADC deployments," watchTowr CEO and founder Benjamin Harris told ZeroOwl, adding that the vulnerability sounds a lot like Citrix Bleed and Citrix Bleed 2, which are still traumatic events for many people.

"NetScalers are important tools that hackers have long targeted to get into business networks. The advisory just went live, but defenders need to act fast. Anyone who is running affected versions needs to patch right away. Exploitation is very likely to happen soon."