New NetScaler flaw sees rapid exploitation.
Citrix’s newly disclosed CVE-2026-3055 began seeing reconnaissance within days and active exploitation by March 27, according to WatchTowr. The bug affects NetScaler ADC and Gateway appliances configured as SAML identity providers and allows attackers to leak sensitive memory through crafted requests. Researchers say the flaw behaves similarly to CitrixBleed-style issues, where a missing parameter value causes the appliance to expose dynamic memory that can reveal administrative session data. WatchTowr demonstrated that this leakage can grant full administrative access, and organizations running unpatched versions are urged to update immediately.
Read more:
https://www.securityweek.com/exploitation-of-fresh-citrix-netscaler-vulnerability-begins/