Mastodawn

🏥 Healthcare organizations face ransomware threat from #NetScaler flaws ⚠️ Dual NetScaler vulnerabilities disclosed same week 🚨 CVE-2026-3055 vulnerability scores CVSS 9.3 📊 CVE-2026-4368 race condition scores CVSS 7.7 📱 Remote access and VPN services at elevated risk 💊 Covered entities must treat remediation as high priority #Healthcare #CyberSecurity #Network 👉 https://www.defensorum.com/citrix-vulnerabilities-netscaler-adc-netscaler-gateway/

Citrix Disclosed Vulnerabilities Affecting NetScaler ADC and NetScaler Gateway - Defensorum

Citrix disclosed a vulnerability tracked as CVE-2026-3055 in NetScaler ADC and NetScaler Gateway that can produce a memory overread whenever the application is configured as a SAML identity provider and that has a CVSS v4 severity score of 9.3. Details of the Vulnerability The flaw occurs in NetScaler ADC and NetScaler Gateway when configuring them ... Read more

Defensorum

The New Oil Mar 31

Critical #Citrix #NetScaler memory flaw actively exploited in attacks

https://www.bleepingcomputer.com/news/security/critical-citrix-netscaler-memory-flaw-actively-exploited-in-attacks/

#cybersecurity

Critical Citrix NetScaler memory flaw actively exploited in attacks

Hackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix NetScaler ADC and NetScaler Gateway appliances to obtain sensitive data.

BleepingComputer

RedPacket Security Mar 30

CVE Alert: CVE-2026-3055 - NetScaler - ADC - https://www.redpacketsecurity.com/cve-alert-cve-2026-3055-netscaler-adc/

#OSINT #ThreatIntel #CyberSecurity #cve-2026-3055 #netscaler #adc

CVE Alert: CVE-2026-3055 - NetScaler - ADC - RedPacket Security

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

RedPacket Security

Rene Robichaud Mar 30

CISA Adds One Known Exploited Vulnerability to Catalog - Citrix NetScaler Out-of-Bounds Read Vulnerability
https://www.cisa.gov/news-events/alerts/2026/03/30/cisa-adds-one-known-exploited-vulnerability-catalog

#Infosec #Security #Cybersecurity #CeptBiro #CISA #Vulnerability #Catalog #Citrix #NetScaler

securityaffairs Mar 29

Urgent Alert: #NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data
https://securityaffairs.com/190131/hacking/urgent-alert-netscaler-bug-cve-2026-3055-probed-by-attackers-could-leak-sensitive-data.html
#securityaffairs #hacking

Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data

Attackers are actively probing a critical Citrix NetScaler flaw (CVE-2026-3055) that can leak sensitive data via a memory overread issue.

Security Affairs

Tim (Wadhwa-)Brown

Mar 28

Citrix oofsie reaches primetime:

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300

#netscaler, #threatintel

Loading...

Andi Mar 27

Zwei kritische Schwachstellen beherrschen die Lage für deutsche Unternehmen.
Das BSI warnt vor einer aktiv ausgenutzten Lücke in Microsoft SharePoint. Die CISA hatte die Schwachstelle am 18. März in ihren Katalog ausgenutzter Sicherheitslücken aufgenommen. CERT-EU veröffentlichte am 25. März ein Advisory und verwies auf Maßnahmen aus der ToolShell-Angriffskampagne des Vorjahres. Der CVSS-Score liegt bei 9.8 von 10 und wurde hochgestuft, nachdem sich herausstellte, dass eine Ausnutzung auch ohne Authentifizierung möglich ist.
Parallel dazu hat CERT-Bund am 24. März Alarm wegen zweier Schwachstellen in Citrix NetScaler ADC und NetScaler Gateway geschlagen. CVE-2026-3055 ermöglicht es nicht authentifizierten Angreifern, aktive Session-Token aus dem Speicher betroffener Geräte auszulesen. CVE-2026-4368 kann durch eine Race Condition zur Übernahme fremder Benutzersitzungen führen. Besonders gefährdet sind Systeme, die als SAML Identity Provider konfiguriert sind, also eine in Unternehmensumgebungen weit verbreitete Konfiguration für Single Sign-On. Sicherheitsforscher bewerten eine baldige aktive Ausnutzung als sehr wahrscheinlich.
Sofortmaßnahmen: SharePoint patchen, NetScaler aktualisieren und aktiven Sessions beenden.

Cybersicherheitswarnung 2026-238220-1032 (25.03.2026) | CERT-Bund WID-SEC-2026-0836 (24.03.2026)
CVE-2026-20963 | CVE-2026-3055 | CVE-2026-4368
#Informationssicherheit #CISO #BSI #SharePoint #Citrix #NetScaler #Patchmanagement #NIS2 #CyberSecurity #ITSicherheit

The New Oil Mar 26

#Citrix urges admins to patch #NetScaler flaws as soon as possible

https://www.bleepingcomputer.com/news/security/citrix-urges-admins-to-patch-netscaler-flaws-as-soon-as-possible/

#cybersecurity

Citrix urges admins to patch NetScaler flaws as soon as possible

Citrix has patched two NetScaler ADC and NetScaler Gateway vulnerabilities, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years.

BleepingComputer

CyberNetsecIO Mar 24

📰 Citrix Scrambles to Patch Critical 'CitrixBleed'-like Flaw in NetScaler Products

⚠️ Critical Citrix NetScaler flaw CVE-2026-3055 (CVSS 9.3) allows data theft, drawing comparisons to CitrixBleed. Unauthenticated attackers can read sensitive memory. Patch immediately! #Citrix #NetScaler #CyberSecurity #CVE

🔗 https://cyber.netsecops.io/articles/critical-citrix-netscaler-flaw-cve-2026-3055-exposes-sensitive-data/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

Citrix Scrambles to Patch Critical 'CitrixBleed'-like Flaw in NetScaler Products

Citrix releases urgent patches for CVE-2026-3055, a critical 9.3 CVSS vulnerability in NetScaler ADC and Gateway that could lead to sensitive data exposure. Learn about the affected versions and mitigation steps.

CyberNetSec.io

Erik Jonker Mar 24

Is it just me or are those security vulnerablities in Citrix never stopping.... 🙄
https://securityaffairs.com/189908/security/citrix-netscaler-critical-flaw-could-leak-data-update-now.html
#cybersecurity #citrix #netscaler #CVE

Citrix NetScaler critical flaw could leak data, update now - Security Affairs

Citrix warns of a critical NetScaler flaw (CVE-2026-3055) that could leak sensitive data; users are urged to apply security updates immediately.

Security Affairs