• Critical Citrix NetScaler flaw gets official patch warning from C

    From TechnologyDaily@1337:1/100 to All on Tuesday, March 31, 2026 17:15:26
    Critical Citrix NetScaler flaw gets official patch warning from CISA

    Date:
    Tue, 31 Mar 2026 15:05:00 +0000

    Description:
    CISA is giving FCEB agencies a tight deadline to patch as researchers
    discover evidence of abuse.

    FULL STORY ======================================================================

    - CISA adds Citrix CVE-2026-3055 to Known Exploited Vulnerabilities catalog, confirming in-the-wild abuse
    - Critical input validation flaw in NetScaler ADC/Gateway SAML IDP enables memory overread and data access
    - Exploitation observed since March 27; ~30K NetScaler and 2K Gateway instances exposed, agencies must patch by April 2

    The US Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Citrix vulnerability to its catalog of known exploited flaws (KEV), signaling abuse in the wild, and urging government agencies to apply the fix immediately.

    The bug in question is an insufficient input validation vulnerability in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP. It can lead to memory overread which, in practical terms, can allow threat actors to access sensitive data or run unauthorized actions. Depending on how the vulnerable software is used, the bug could also be chained with other flaws to escalate access and gain broader control.

    Ample evidence

    It is tracked as CVE-2026-3055 and was given a severity score of 9.3/10 (critical). The bug affects versions before 14.1-60.58, older than 13.1-662.23, and older than 13.1-37.262, and was recently fixed in these versions:

    - NetScaler ADC / Gateway 14.1-66.59 or later
    - NetScaler ADC / Gateway 13.1-62.23 or later
    - NetScaler ADC 13.1-FIPS / NDcPP 13.1-37.262 or later

    Besides CISA, multiple commercial cybersecurity companies also confirmed seeing this bug being abused in the wild. According to BleepingComputer, some even said it looked a lot like CitrixBleed and CitrixBleed2 - two major vulnerabilities discovered a few years ago.

    watchTowr, for example, said it saw reconnaissance activity over the weekend, targeting vulnerable endpoints. These probes usually follow a broader compromise, or attack campaigns, and the researchers confirmed it a day later: "In-the-wild exploitation has begun, with evidence from our honeypot network showing exploitation from known threat actor source IPs as of March 27th," they said.

    Currently, there are almost 30,000 NetScaler and more than 2,000 Gateway instances exposed on the internet, but we don't know how many of these have already deployed Citrix's patches. Federal Civilian Executive Branch (FCEB) agencies have until April 2 to upgrade.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/critical-citrix-netscaler-flaw-gets-official-patch-warning-from-cisa


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)