On March 23, 2026, Citrix released fixes for a critical vulnerability affecting NetScaler ADC and NetScaler Gateway (CVE‑2026‑3055) that allows unauthenticated threat actors to perform out-of-bounds memory reads.

ArcticWolf's platform is a central hub for cybersecurity professionals, offering insights into managed detection and response (MDR), threat intelligence, and security operations. Through articles, reports, and webinars, ArcticWolf offers insights into detecting and responding to cybersecurity threats effectively. Security analysts can learn about threat hunting, incident response strategies, and security best practices to protect organizations from cyberattacks.

Arctic Wolf

Citrix released fixes on March 23, 2026 for CVE-2026-3055, a critical vulnerability in NetScaler ADC and NetScaler Gateway that enables unauthenticated out-of-bounds memory reads. Exploitation requires the appliance to be configured as a SAML Identity Provider. No in-the-wild exploitation or public proof-of-concept has been reported yet, but the low attack complexity and historical targeting of similar Citrix Bleed vulnerabilities (CVE-2023-4966, CVE-2025-5777) make rapid patching urgent. Affected versions include 14.1 before 14.1-66.59 and 13.1 before 13.1-62.23, with fixed versions available. Citrix-managed cloud services are automatically patched.