Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: netscaler (3 articles)Clear

Citrix patches six NetScaler flaws, including a CitrixBleed-style memory leak

Citrix has released fixes for six vulnerabilities in NetScaler ADC and NetScaler Gateway, including a high-severity memory-disclosure flaw that researchers place in the same class as the 2023 CitrixBleed bug. That flaw (CVE-2026-8451, rated 8.8) leaks small amounts of memory through malformed SAML requests and shares a root cause with an earlier NetScaler bug that was exploited within days of disclosure. The bulletin also covers an unauthenticated arbitrary file read and several denial-of-service issues, with CVSS scores from 6.9 to 8.8. No exploitation has been reported yet, but NetScaler appliances have drawn more than 20 entries on CISA's exploited-vulnerabilities list in three years, several used in ransomware.

Check
Inventory NetScaler ADC and Gateway appliances and their configurations, checking whether they run as SAML identity providers, expose management IPs, or use HTTP/2, and confirm which builds they are on.
Affected
NetScaler ADC and Gateway appliances on affected builds (CVE-2026-8451 and five others); SAML identity-provider setups risk memory disclosure, and other configurations face arbitrary file read or denial of service.
Fix
Update to NetScaler ADC and Gateway 14.1-72.61 or later fixed builds, and for the HTTP/2 denial-of-service flaw, manually set the Http2SmallWndTimeout parameter, since patching alone does not fully close it.

Citrix NetScaler exploitation confirmed - CISA adds to KEV with April 2 deadline (CVE-2026-3055)

The Citrix NetScaler flaw we reported under active recon two days ago has escalated fast. Attackers are now sending crafted SAMLRequest payloads that trigger memory leaks exposing sensitive data through session cookies. CISA added CVE-2026-3055 to the Known Exploited Vulnerabilities catalog on March 30 with an unusually tight April 2 remediation deadline - just three days for federal agencies.

Check
Check if you run NetScaler ADC or Gateway configured as a SAML identity provider.
Affected
NetScaler ADC/Gateway 14.1 < 14.1-66.59, 13.1 < 13.1-62.23, 13.1-FIPS/NDcPP < 13.1-37.262.
Fix
Update to 14.1-66.59, 13.1-62.23, or 13.1-37.262 respectively. CISA deadline is April 2, 2026.

Citrix NetScaler under active recon - attackers fingerprinting SAML configs before exploitation (CVE-2026-3055)

Attackers are scanning internet-facing Citrix NetScaler ADC and Gateway appliances right now, probing the /cgi/GetAuthMethods endpoint to find which ones are configured as SAML identity providers - the exact setup needed to trigger this CVSS 9.3 memory-leak flaw. Not full exploitation yet, but researchers at watchTowr warn the jump from recon to attack could happen any day.

Check
Check if you run NetScaler ADC or Gateway configured as a SAML identity provider.
Affected
NetScaler ADC/Gateway 14.1 < 14.1-66.59, 13.1 < 13.1-62.23, 13.1-FIPS/NDcPP < 13.1-37.262.
Fix
Update to 14.1-66.59, 13.1-62.23, or 13.1-37.262 respectively. Patch immediately if configured as SAML IDP.