Protect.Computer
NEWS

Citrix patches critical NetScaler bleed-like flaws (CVE-2026-3055, CVE-2026-4368)

· 1 min read · Network safety Malicious byte
Citrix patches critical NetScaler bleed-like flaws (CVE-2026-3055, CVE-2026-4368)

Photo by protect.computer (custom explainer graphic) on protect.computer

What happened

Citrix released security updates for NetScaler ADC and NetScaler Gateway to fix two important vulnerabilities:

  • CVE-2026-3055 (critical): insufficient input validation that can cause a memory overread and potentially leak sensitive data.
  • CVE-2026-4368 (high): a race condition that can cause user session mix-up in specific gateway/AAA setups.

Citrix says customers should patch as soon as possible. Security researchers have warned this issue looks similar to previous “CitrixBleed”-style bugs that were heavily exploited after disclosure.

Why this matters

NetScaler is widely used for remote access and authentication. If exploited on vulnerable configurations, attackers could steal sensitive session data or interfere with user sessions.

Even without confirmed widespread exploitation at publication time, these flaws are high-priority because:

  • NetScaler devices are often internet-facing.
  • Similar flaws were weaponized quickly in prior incidents.
  • Attackers can reverse-engineer patches to build exploits.

How to check if you’re affected

Potentially affected systems/services

  • NetScaler ADC and NetScaler Gateway before 14.1-66.59.
  • NetScaler ADC and NetScaler Gateway before 13.1-62.23.
  • NetScaler ADC 13.1-FIPS / 13.1-NDcPP before 13.1-37.262.
  • Higher risk if configured as:
    • SAML Identity Provider (relevant to CVE-2026-3055)
    • Gateway or AAA virtual server (relevant to CVE-2026-4368)

Quick verification steps

  1. Check your installed version/build

    • Confirm whether your appliance is below any fixed versions listed above.

  2. Check vulnerable feature exposure

    • Review configuration for SAML IdP profiles and Gateway/AAA virtual server usage.

  3. Prioritize exposed assets

    • Patch internet-facing NetScaler instances first, then internal appliances.

  4. Apply Citrix updates immediately

    • Move to fixed builds and validate service health after patching.

  5. Watch for suspicious behavior

    • Investigate unusual authentication/session anomalies after update windows.

Immediate defensive actions

  • Emergency-patch vulnerable NetScaler appliances.
  • Restrict management and gateway access paths until patching is complete.
  • Add temporary heightened monitoring for authentication/session anomalies.
  • Document patched versions per instance for rapid audit readiness.

Sources

Bottom line

If you run NetScaler, treat these updates as urgent. Confirm whether your deployment uses SAML IdP or Gateway/AAA roles, patch immediately, and verify session/authentication behavior after rollout.

Related reading

News
PTC warns of critical Windchill and FlexPLM RCE flaw (CVE-2026-4681)

PTC issued an urgent advisory for CVE-2026-4681, a critical remote code execution flaw in Windchill and FlexPLM, with immediate mitigation guidance while patches roll out.

News
CISA adds Citrix CVE-2026-3055 to KEV after active exploitation reports

CISA added CVE-2026-3055 (Citrix NetScaler) to the KEV catalog, signaling confirmed exploitation and urgent patching for exposed SAML IdP deployments.

News
Google Chrome 146.0.7680.80 security update fixes high-risk desktop browser bugs

Google released Chrome 146.0.7680.80 for Windows, macOS, and Linux with security fixes. Users should update promptly to reduce browser exploit risk.

News
Mozilla releases Firefox 149 and ESR updates fixing dozens of security flaws

Mozilla shipped Firefox 149 and ESR updates on March 24, 2026, addressing a large set of high-impact browser vulnerabilities, including memory-safety and sandbox-escape issues.