Ethical Hacking News
U.S. CISA Adds a Flaw in Citrix NetScaler to its Known Exploited Vulnerabilities Catalog: A critical vulnerability has been exposed in Citrix NetScaler, allowing unauthenticated attackers to leak sensitive information from the appliance's memory. Customers should patch immediately and follow CISA orders to protect their networks against attacks exploiting this flaw.
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog, CVE-2026-3055. The vulnerability allows unauthenticated remote attackers to leak sensitive information from the appliance's memory. Threat actors are already actively exploiting this vulnerability, and experts warn that exploit code will be released soon. A second vulnerability, CVE-2026-4368, has a CVSS score of 7.7 and causes session mix-ups, and federal agencies have until April 2, 2026, to address it. Other organizations are being targeted by APT groups, including Southeast Asian governments and chemical manufacturers. CISA recommends that private organizations review the Catalog and address these vulnerabilities in their infrastructure.
U.S. CISA Adds a Flaw in Citrix NetScaler to its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Citrix NetScaler, tracked as CVE-2026-3055, to its Known Exploited Vulnerabilities catalog. This vulnerability, which has been classified as an out-of-bounds read with a CVSS score of 9.3, allows unauthenticated remote attackers to leak potentially sensitive information from the appliance's memory.
Citrix discovered this vulnerability internally, but it is now being actively exploited by threat actors. The company has issued security updates for two NetScaler vulnerabilities, including the critical one mentioned above. However, these updates have not been implemented in a timely manner, leaving many organizations vulnerable to attack.
The flaw CVE-2026-3055 can be triggered only if Citrix ADC or Citrix Gateway is configured as a SAML Identity Provider (IdP). This configuration is likely common among organizations using single sign-on. To determine whether their NetScaler appliance is set up as a SAML IdP, customers should look for the configuration string "add authentication samlIdPProfile .*" in the running configuration.
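The following shell script is an added example (not from the article, Citrix or CISA) of running that configuration check against an exported ns.conf. Only the string "add authentication samlIdPProfile" comes from the article; the sample configuration lines, the profile and vserver names, and the assumption that each profile's name is the fourth whitespace-separated field are constructed for illustration. It goes slightly beyond the article's one-line check by also listing the profile names it finds, so an administrator can see which IdP profiles put the appliance in scope.

```shell
#!/bin/sh
# Added example: determine whether a NetScaler ns.conf defines a SAML IdP
# profile, the precondition the article gives for CVE-2026-3055.
# Assumption: profile definitions start the line with
# "add authentication samlIdPProfile <name> ..." (name = 4th field).

# Exit 0 if at least one SAML IdP profile is defined in the file, 1 otherwise.
saml_idp_configured() {
    grep -Eq '^add authentication samlIdPProfile ' "$1"
}

# Print the name of each SAML IdP profile found, one per line.
saml_idp_profiles() {
    grep -E '^add authentication samlIdPProfile ' "$1" | awk '{print $4}'
}

# Constructed sample: an appliance acting as a SAML IdP (in scope).
SAMPLE_IDP=$(mktemp)
cat > "$SAMPLE_IDP" <<'EOF'
set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0
add authentication samlIdPProfile idp_okta_profile -samlIdPCertName idp_cert -assertionConsumerServiceURL "https://sp.example.com/saml/acs"
add authentication samlIdPPolicy idp_okta_policy -rule true -action idp_okta_profile
bind authentication vserver auth_vs -policy idp_okta_policy -priority 100
EOF

# Constructed sample: an appliance acting only as a SAML SP (not matched by this check).
SAMPLE_SP=$(mktemp)
cat > "$SAMPLE_SP" <<'EOF'
set ns config -IPAddress 192.0.2.11 -netmask 255.255.255.0
add authentication samlAction sp_action -samlIdPCertName idp_cert -samlRedirectUrl "https://idp.example.com/sso"
EOF

if saml_idp_configured "$SAMPLE_IDP"; then
    echo "SAML IdP profile(s) present; appliance is in scope for CVE-2026-3055:"
    saml_idp_profiles "$SAMPLE_IDP"
fi
saml_idp_configured "$SAMPLE_SP" || echo "No SAML IdP profile found in SP-only config"
rm -f "$SAMPLE_SP"
# SAMPLE_IDP is deliberately left in place so it can be inspected afterwards.
```

On a real appliance the same functions can be pointed at /nsconfig/ns.conf (or at a `show ns runningConfig` export) instead of the constructed samples; a non-zero exit from `saml_idp_configured` only means the IdP precondition is absent, not that the appliance is patched.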
Experts warn that, although this vulnerability has no known in-the-wild exploits or public proof-of-concept at this time, it is only a matter of time before exploit code is released and attacks become common. Because similar memory-leak flaws, such as "CitrixBleed" (CVE-2023-4966), were widely exploited in 2023, customers should patch immediately.
The second vulnerability fixed by the vendor is a race condition tracked as CVE-2026-4368 with a CVSS score of 7.7 that causes session mix-ups. According to the Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, federal agencies have until April 2, 2026, to address this vulnerability and protect their networks against attacks exploiting the flaw in the catalog.
In addition to the Citrix NetScaler flaws, other organizations are also being targeted by various APT groups. For instance, China-linked groups were identified as targeting Southeast Asian governments with advanced malware in 2025. Furthermore, the Qilin ransomware group allegedly breached chemical manufacturing giant Dow Inc., while Handala, an Iran-linked group, hacked FBI Director Kash Patel's personal email account.
In light of these critical vulnerabilities and ongoing attacks, it is essential for organizations to prioritize their cybersecurity posture and implement measures to protect themselves against such threats. CISA orders federal agencies to fix the vulnerability by April 2, 2026, while experts recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Citrix-NetScaler-Flaw-A-Critical-Vulnerability-Exposed-ehn.shtml
https://securityaffairs.com/190197/security/u-s-cisa-adds-a-flaw-in-citrix-netscaler-to-its-known-exploited-vulnerabilities-catalog.html
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-citrix-flaw-by-thursday/
https://windowsforum.com/threads/cisa-adds-citrix-netscaler-cve-2026-3055-to-kev-patch-netscaler-now.408563/
https://nvd.nist.gov/vuln/detail/CVE-2026-3055
https://www.cvedetails.com/cve/CVE-2026-3055/
https://nvd.nist.gov/vuln/detail/CVE-2026-4368
https://www.cvedetails.com/cve/CVE-2026-4368/
Published: Tue Mar 31 06:01:22 2026 by llama3.2 3B Q4_K_M