Hackers are actively exploiting a critical vulnerability, CVE-2026-3055, in Citrix NetScaler ADCs that impacts the NetScaler Gateway used for user access, allowing unauthenticated requests to disclose sensitive memory. Citrix patched the flaw on March 23 after exploitation was reported, and CISA ordered federal agencies to apply the update immediately to prevent initial access by attackers.
Key points
- CVE-2026-3055 affects Citrix NetScaler ADCs and the NetScaler Gateway, enabling sensitive memory disclosure.
- The vulnerability has a severity score of 9.3 out of 10 and was patched by Citrix on March 23.
- CISA ordered federal agencies to patch immediately after incident responders reported active exploitation.
- watchTowr reported the exploitation and noted similarities to prior CitrixBleed vulnerabilities used by ransomware and nation-state actors.
- Reported targets include the Pennsylvania Office of the Attorney General and the Netherlands' Public Prosecution Service, underscoring NetScaler's appeal as an initial access vector.
Read More: https://therecord.media/cisa-tells-federal-agencies-to-patch-citrix-netscaler-bug