"An unpatched/vulnerable Citrix NetScaler will mistakenly check only for its presence before accessing the buffer associated with the variable, rather than checking for the presence of associated data."
"The lack of a value in the request leads to the exposure of dead memory. Because the memory is dynamic, sending the same request multiple times results in leaking different information."
"WatchTowr says it has used this exploitation path to demonstrate sensitive information leakage by disclosing the ID of an authenticated administrative session."
A critical vulnerability in Citrix NetScaler, tracked as CVE-2026-3055, has been actively exploited less than a week after its disclosure. The flaw affects specific versions of NetScaler ADC and Gateway appliances configured as SAML Identity Providers. WatchTowr reported the first reconnaissance attempts and confirmed active exploitation, which involves memory overread issues that can leak sensitive information. The exploitation method resembles previous vulnerabilities, allowing attackers to access dead memory and potentially sensitive session data.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]