Last updated: May 14, 2026 at 10:49 AM UTC
Tag: citrix (2 articles)

Citrix NetScaler exploitation confirmed - CISA adds to KEV with April 2 deadline (CVE-2026-3055)

The Citrix NetScaler flaw we reported under active recon two days ago has escalated fast. Attackers are now sending crafted SAMLRequest payloads that trigger memory leaks exposing sensitive data through session cookies. CISA added CVE-2026-3055 to the Known Exploited Vulnerabilities catalog on March 30 with an unusually tight April 2 remediation deadline - just three days for federal agencies.

Check
Check if you run NetScaler ADC or Gateway configured as a SAML identity provider.
Affected
NetScaler ADC/Gateway 14.1 < 14.1-66.59, 13.1 < 13.1-62.23, 13.1-FIPS/NDcPP < 13.1-37.262.
Fix
Update to 14.1-66.59, 13.1-62.23, or 13.1-37.262 respectively. CISA deadline is April 2, 2026.

Citrix NetScaler under active recon - attackers fingerprinting SAML configs before exploitation (CVE-2026-3055)

Attackers are scanning internet-facing Citrix NetScaler ADC and Gateway appliances right now, probing the /cgi/GetAuthMethods endpoint to find which ones are configured as SAML identity providers - the exact setup needed to trigger this CVSS 9.3 memory-leak flaw. Not full exploitation yet, but researchers at watchTowr warn the jump from recon to attack could happen any day.

Check
Check if you run NetScaler ADC or Gateway configured as a SAML identity provider.
Affected
NetScaler ADC/Gateway 14.1 < 14.1-66.59, 13.1 < 13.1-62.23, 13.1-FIPS/NDcPP < 13.1-37.262.
Fix
Update to 14.1-66.59, 13.1-62.23, or 13.1-37.262 respectively. Patch immediately if configured as SAML IDP.