Researchers say that a recently revealed serious flaw in Citrix NetScaler ADC and Gateway appliances could soon be used in the real world. Defused Cyber and watchTowr, two companies that study threats, have found active reconnaissance campaigns that are specifically looking for CVE-2026-3055. The vulnerability is similar to the well-known "CitrixBleed" (CVE-2023-4966) exploits of 2023 in a worrying way.

It lets threat actors leak and read sensitive memory contents from targeted enterprise deployments without needing to log in. Leaked data could include active session tokens, credentials saved during SAML processing, and secrets about backend configuration. None of these things need remote code execution to cause serious damage downstream. The flaw doesn't require any user action and can be triggered from a distance by sending maliciously crafted network requests to the vulnerable SAML endpoint.

The company posted on X, "We are now seeing auth method fingerprinting activity against Net scaler ADC/Gateway in the wild." Choose ZeroOwl as your preferred source in Google. In Google's search engine, set zeroOwl.com as a preferred source.

Make ZeroOwl.com your favorite search engine in Google Search. Make SetZeroOwl the search engine's default source for search results. If you want to find ZeroO Owl in the Google search results for a specific search engine or search engine for a specific search engine name, use the search box. To find the source of a search engine, type the name of the engine you want to find into Google's Search Console.

Set the source name of your search engine to the most detailed level possible. Set it to the lowest level possible to get the best search results. To get 0.3 to the top level of the source for a search result, set 0.1 to 0.2.