Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn
Briefly

"Customers can determine if they have an appliance configured as a SAML IDP Profile by inspecting their NetScaler Configuration for the specified string: add authentication samlIdPProfile .*."
"Harris warns that the bug could allow unauthenticated attackers to leak and read sensitive memory from vulnerable deployments and that exploitation is likely to start soon."
"Rapid7 believes that attacks targeting CVE-2026-3055 could start as soon as exploitation code becomes public."
Citrix has released patches for a critical vulnerability in NetScaler ADC and NetScaler Gateway, tracked as CVE-2026-3055, that can disclose sensitive memory to an unauthenticated attacker. The flaw affects only appliances configured as a SAML Identity Provider (IdP); deployments without a SAML IdP profile are not in scope. Fixes ship in updated NetScaler builds, with the affected and fixed version ranges listed in Citrix's advisory. The same updates also address CVE-2026-4368, a high-severity race condition. Security researchers rate CVE-2026-3055 as a significant risk because no credentials are needed to reach it. No in-the-wild exploitation has been reported so far, but both Harris and Rapid7 expect attacks to begin as soon as exploit code becomes public, so administrators should check whether a SAML IdP profile is configured and patch those appliances first.
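The advisory's scoping check is a search of the running configuration for `add authentication samlIdPProfile`. The script below is an added example, not code from Citrix or SecurityWeek: it applies that check to a small constructed excerpt of a NetScaler `ns.conf` (invented names, not a real appliance dump) and reports the IdP profile names found. The excerpt deliberately includes a `samlAction`, which is what NetScaler uses when it acts as a SAML Service Provider rather than an IdP, to show that SP-only deployments do not match.

```sh
#!/bin/sh
# Constructed sample of a NetScaler running-config excerpt (hypothetical object names).
# A real check would run against the output of "show ns runningConfig" or a saved ns.conf.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
add ns ip 10.0.0.10 255.255.255.0 -vServer DISABLED
add authentication samlAction sp_to_ext_idp -samlIdPCertName ext_idp_cert -samlRedirectUrl "https://idp.example.com/sso"
add authentication samlIdPProfile corp_idp -samlIdPCertName ns_cert -samlSPCertName sp_cert -assertionConsumerServiceURL "https://app.example.com/acs"
add authentication samlIdPPolicy corp_idp_pol -rule true -action corp_idp
bind authentication vserver auth_vs -policy corp_idp_pol -priority 100
EOF

# Print the name of every SAML IdP profile declared in the config file given as $1.
# Only "add authentication samlIdPProfile <name> ..." lines count; samlAction (SP role) is ignored.
saml_idp_profiles() {
    grep -E '^add authentication samlIdPProfile ' "$1" | awk '{print $4}'
}

# Return 0 when the config declares at least one SAML IdP profile (appliance is in scope
# for CVE-2026-3055 per the advisory), 1 otherwise.
has_saml_idp_profile() {
    grep -Eq '^add authentication samlIdPProfile ' "$1"
}

if has_saml_idp_profile "$SAMPLE_CONF"; then
    echo "SAML IdP profile(s) present, appliance in scope:"
    saml_idp_profiles "$SAMPLE_CONF"
else
    echo "No SAML IdP profile configured"
fi
```

Run it against a config exported from the appliance instead of the embedded sample to get the real answer; a match means the box should be treated as exposed until it is on a fixed build, while no match means the vulnerable code path is not configured, though the CVE-2026-4368 fix still applies.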
Read at SecurityWeek