{"id":363,"date":"2026-03-24T09:03:18","date_gmt":"2026-03-24T09:03:18","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=363"},"modified":"2026-03-24T09:03:18","modified_gmt":"2026-03-24T09:03:18","slug":"citrix-urges-patching-critical-netscaler-flaw-allowing-unauthenticated-data-leaks","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=363","title":{"rendered":"Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Mar 24, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Enterprise Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhMCnGCq_DsAE40JVqQy2HjOcbqucRBcpx0JOpEQM9SZplWbse_yzvfQGRG8Uux9NVkQhQrHYzTIlb3b58b47kkLOfIBcxeaMVT7SlUjBSr3URnME7qL5P3ZqJgVw3bGX0NY_hYsvhAbTTJ7PZk-mmpl949AALvrsV0JkZEQD82ah-B2jlOBz-oGC-P4xaY\/s1700-e365\/citrix.jpg\" style=\"display: block;  text-align: center; clear: left; float: left;\"><\/a><\/div>\n<p>Citrix has released <a href=\"https:\/\/support.citrix.com\/support-home\/kbsearch\/article?articleNumber=CTX696300\" rel=\"noopener\" target=\"_blank\">security updates<\/a> to address two vulnerabilities in <a href=\"https:\/\/docs.netscaler.com\/en-us\/citrix-adc\/current-release\/getting-started-with-citrix-adc.html\" rel=\"noopener\" target=\"_blank\">NetScaler<\/a> ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application.<\/p>\n<p>The vulnerabilities are listed below &#8211;<\/p>\n<ul>\n<li><strong>CVE-2026-3055<\/strong> (CVSS score: 9.3) &#8211; Insufficient input validation leading to memory overread<\/li>\n<li><strong>CVE-2026-4368<\/strong> (CVSS score: 7.7) &#8211; Race condition leading to user session mixup<\/li>\n<\/ul>\n<p>Cybersecurity company Rapid7 <a href=\"https:\/\/www.rapid7.com\/blog\/post\/etr-cve-2026-3055-citrix-netscaler-adc-and-netscaler-gateway-out-of-bounds-read\/\" rel=\"noopener\" target=\"_blank\">said<\/a> that CVE-2026-3055 refers to an out-of-bounds read that could be exploited by unauthenticated remote attackers to leak potentially sensitive information from the appliance&#8217;s memory.<\/p>\n<p>However, for exploitation to be successful, the Citrix ADC or Citrix Gateway appliance must be configured as a SAML Identity Provider (SAML IDP), which means default configurations are unaffected. To determine if the device has been configured as a SAML IDP Profile, Citrix is urging customers to inspect their NetScaler Configuration for the specified string: \u00abadd authentication samlIdPProfile .*\u00bb<\/p>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/not-fast-enough-d\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhlXM830ruQd2xT6M7JNeNRjaFa1onD12WjSCHihTFMTzbyfT9h-irPmXy_h3E1HGSs6sdv7FTmnyNVTM5kmSb7BuUtZe8gKoTQt99P1sSzRcqqXpOJP6eoAOhR3DGb6qHx9kOZ_HBZUMmVnsnd0DM7QfUp81bgzTvvgLww6oqB-EhnDfWXH5pWCYhAsyLs\/s728-e100\/tl-d.jpg\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>CVE-2026-4368, on the other hand, requires the appliance to be configured as a gateway (i.e., SSL VPN, ICA Proxy, CVPN, and RDP Proxy) or an Authentication, Authorization, and Accounting (<a href=\"https:\/\/docs.netscaler.com\/en-us\/citrix-adc\/current-release\/aaa-tm.html\" rel=\"noopener\" target=\"_blank\">AAA<\/a>) server. Customers can check the NetScaler Configuration to ascertain if their devices have been configured as either of the nodes &#8211;<\/p>\n<ul>\n<li>AAA virtual server &#8211; add authentication vserver .*<\/li>\n<li>Gateway &#8211; add vpn vserver .*<\/li>\n<\/ul>\n<p>The vulnerabilities affect NetScaler ADC and NetScaler Gateway versions 14.1 before 14.1-66.59 and 13.1 before 13.1-62.23, as well as NetScaler ADC 13.1-FIPS and 13.1-NDcPP before 13.1-37.262. Users are advised to apply the latest updates as soon as possible for optimal protection.<\/p>\n<p>While there is no evidence that the shortcomings have been exploited in the wild, security flaws in NetScaler devices have been repeatedly exploited by threat actors (CVE-2023-4966, aka Citrix Bleed, CVE-2025-5777, aka Citrix Bleed 2, CVE-2025-6543, and CVE-2025-7775), making it imperative that users take steps to update their instances.<\/p>\n<p>\u00abCVE-2026-3055 allows unauthenticated attackers to leak and read sensitive memory from NetScaler ADC deployments. If it sounds familiar, it&#8217;s because it is \u2013 this vulnerability sounds suspiciously similar to Citrix Bleed and Citrix Bleed 2, which continue to represent a trauma event for many,\u00bb watchTowr CEO and founder Benjamin Harris told The Hacker News.<\/p>\n<p>\u00abNetScalers are <a href=\"https:\/\/labs.watchtowr.com\/is-it-citrixbleed4-well-no-is-it-good-also-no-citrix-netscalers-memory-leak-rxss-cve-2025-12101\/\" rel=\"noopener\" target=\"_blank\">critical solutions<\/a> that have been continuously targeted for initial access into enterprise environments. While the advisory just went live, defenders need to act quickly. Anyone running impacted versions needs to patch urgently. Imminent exploitation is highly likely.\u00bb<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802Mar 24, 2026Vulnerability \/ Enterprise Security Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited&hellip;<\/p>\n","protected":false},"author":1,"featured_media":364,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[60,764,58,38,70,843,842,811,725,841],"class_list":["post-363","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-allowing","tag-citrix","tag-critical","tag-data","tag-flaw","tag-leaks","tag-netscaler","tag-patching","tag-unauthenticated","tag-urges"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/363","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=363"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/363\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/364"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=363"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=363"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=363"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}