Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

Citrix NetScaler Vulnerability Under Active Reconnaissance

A critical security flaw affecting Citrix NetScaler ADC and NetScaler Gateway has been disclosed, with active reconnaissance activities reported by Defused Cyber and watchTowr.

The vulnerability, tracked as CVE-2026-3055 with a CVSS score of 9.3, stems from insufficient input validation that leads to a memory overread, which could leak sensitive information from the appliance's memory.
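To make the bug class concrete, the following is an added illustration written for this article, not Citrix code and not the actual flaw in NetScaler: a parser that trusts an attacker-controlled length byte and reads past the data it actually received, beside a version that validates the declared length against both the received size and the destination capacity. The wire format (one length byte followed by the payload), the `arena` buffer and the "SECRET" leftover bytes are all constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed wire format for this illustration (not NetScaler's):
 *   byte 0     : declared payload length
 *   bytes 1..n : payload
 */

/* Vulnerable: trusts the declared length and ignores how many bytes
 * were actually received, so it copies stale memory that follows the
 * message into the caller's output buffer. */
size_t extract_unchecked(const uint8_t *msg, size_t msg_len,
                         uint8_t *out, size_t out_cap) {
    (void)msg_len;                      /* the defect: received length is ignored */
    size_t declared = msg[0];
    if (declared > out_cap) declared = out_cap;   /* only the destination is guarded */
    memcpy(out, msg + 1, declared);
    return declared;
}

/* Hardened: rejects any declared length that exceeds the received
 * payload or the destination; copies nothing and returns -1 on mismatch. */
long extract_checked(const uint8_t *msg, size_t msg_len,
                     uint8_t *out, size_t out_cap) {
    if (msg == NULL || msg_len < 1) return -1;
    size_t declared = msg[0];
    if (declared > msg_len - 1) return -1;   /* would read past received data */
    if (declared > out_cap) return -1;       /* would overflow the destination */
    memcpy(out, msg + 1, declared);
    return (long)declared;
}

/* Constructed demo arena: a 4-byte message followed by leftover bytes
 * from an earlier request that still sit in the same buffer. Keeping the
 * overread inside one allocation avoids undefined behaviour in the demo. */
#define ARENA_SIZE 32
static uint8_t arena[ARENA_SIZE];

/* Builds the arena with an attacker-chosen length byte `claim` and returns
 * how many leftover bytes the unchecked parser leaks into `out`. */
size_t demo_leak(uint8_t claim, uint8_t *out, size_t out_cap) {
    memset(arena, 0, sizeof arena);
    const uint8_t msg[] = { 3, 'a', 'b', 'c' };     /* declared 3, received 4 */
    memcpy(arena, msg, sizeof msg);
    memcpy(arena + sizeof msg, "SECRET", 6);        /* stale data beyond the message */
    arena[0] = claim;                               /* attacker controls the length byte */
    size_t got = extract_unchecked(arena, sizeof msg, out, out_cap);
    return got > 3 ? got - 3 : 0;
}

int main(void) {
    uint8_t out[16];
    size_t leaked = demo_leak(9, out, sizeof out);
    printf("unchecked parser leaked %zu stale bytes: %.*s\n",
           leaked, (int)leaked, out + 3);
    long r = extract_checked(arena, 4, out, sizeof out);
    printf("checked parser result for the same input: %ld (rejected)\n", r);
    return 0;
}
```

The checked variant is the pattern to look for when reviewing parsers: every length that arrives on the wire must be bounded by bytes actually received, not only by the size of the output buffer.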

Citrix warns that successful exploitation of the flaw requires the appliance to be configured as a SAML Identity Provider (SAML IDP).

Defused Cyber mentioned, “We are now observing auth method fingerprinting activity against NetScaler ADC/Gateway in the wild,” indicating attackers probing for enabled authentication flows.

watchTowr also detected active reconnaissance against NetScaler instances, highlighting the need for organizations to patch affected configurations immediately.

The vulnerability affects multiple versions of NetScaler ADC and NetScaler Gateway, so keeping appliances on fixed builds is essential to prevent exploitation.

Users are advised to apply the latest updates promptly to safeguard their systems from known vulnerabilities like CVE-2023-4966 and CVE-2025-7775.

Stay vigilant and proactive in securing your Citrix NetScaler deployments to minimize the risk of cyber threats.