Critical Memory Overread in Citrix NetScaler ADC & Gateway (CVE‑2026‑3055) Threatens Session Token Confidentiality
What It Is — Citrix disclosed a critical vulnerability (CVE‑2026‑3055) in NetScaler ADC and NetScaler Gateway that permits an attacker to read memory and extract active session tokens. The flaw originates from insufficient input validation, resulting in a memory over‑read.
Exploitability — No public proof‑of‑concept or in‑the‑wild exploitation has been reported, but attack complexity is low and an attacker needs only a network path to the appliance. An estimated CVSS v3.1 score of 9.8 (Critical) reflects the potential impact. Patches are already available.
Affected Products — NetScaler ADC 13.1‑FIPS, 13.1‑NDcPP, 13.1 (versions < 13.1‑62.23) and 14.1 (versions < 14.1‑66.59); NetScaler Gateway versions in the same release lines. Appliances configured as a SAML Identity Provider (IdP) are vulnerable; default configurations are not.
TPRM Impact — A compromised third‑party gateway can expose authentication tokens used to access internal applications and SaaS services, creating a supply‑chain credential leak. Organizations that outsource remote access, load‑balancing, or single‑sign‑on to Citrix may inadvertently expose partner data and downstream services.
Recommended Actions —
- Apply Citrix’s security patches for ADC and Gateway immediately.
- Verify that no appliance remains on a vulnerable firmware version.
- Enforce network‑level segmentation (firewall, zero‑trust) to limit inbound access to the appliances.
- Review and, if necessary, re‑configure SAML IdP settings; rotate session secrets after patching.
- Enable detailed logging and monitor it for indications of memory over‑read attempts or session‑token theft.
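A version‑triage helper that applies the fixed‑build thresholds above to an appliance inventory (added example, not Citrix tooling or code from the article; the hostnames, the `show ns version` output format and the sample inventory are assumptions):

```python
"""Flag NetScaler appliances still below the CVE-2026-3055 fixed builds."""
import re
from typing import NamedTuple, Optional, Tuple

# Minimum fixed builds per release line, as given in the advisory summary.
# 13.1-FIPS and 13.1-NDcPP are listed alongside 13.1 without separate builds,
# so a "patched" verdict on those variants should be confirmed against Citrix.
FIXED_BUILDS = {
    "13.1": (62, 23),
    "14.1": (66, 59),
}

# Accepts "14.1-66.59" and the "NS14.1: Build 66.59.nc" form that
# `show ns version` prints (output format assumed here).
_VERSION_RE = re.compile(
    r"(?:NS)?(?P<line>\d+\.\d+)(?:-|:\s*Build\s+)(?P<major>\d+)\.(?P<minor>\d+)"
)


class Verdict(NamedTuple):
    host: str
    release_line: Optional[str]
    build: Optional[Tuple[int, int]]
    status: str  # "patched", "vulnerable" or "unknown"


def parse_version(text: str):
    """Return (release_line, (major, minor)) or None if nothing parses."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return m.group("line"), (int(m.group("major")), int(m.group("minor")))


def assess(host: str, version_text: str) -> Verdict:
    parsed = parse_version(version_text)
    if parsed is None:
        return Verdict(host, None, None, "unknown")
    line, build = parsed
    fixed = FIXED_BUILDS.get(line)
    if fixed is None:
        # Release line not covered by the summary (e.g. end-of-life 12.1): check manually.
        return Verdict(host, line, build, "unknown")
    return Verdict(host, line, build, "patched" if build >= fixed else "vulnerable")


# Constructed sample inventory; hostnames and builds are made up.
SAMPLE_INVENTORY = [
    ("adc-01.example.internal", "NetScaler NS14.1: Build 66.59.nc"),
    ("adc-02.example.internal", "NetScaler NS14.1: Build 47.46.nc"),
    ("gw-01.example.internal", "13.1-62.23"),
    ("gw-02.example.internal", "13.1-58.32"),
    ("legacy.example.internal", "NetScaler NS12.1: Build 65.39.nc"),
]

if __name__ == "__main__":
    for v in (assess(h, t) for h, t in SAMPLE_INVENTORY):
        print(f"{v.host:28} {v.release_line or '?':5} {v.status}")
```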
Source: Help Net Security – Critical NetScaler ADC, Gateway flaw may soon be exploited (CVE‑2026‑3055)