Overview
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below:
- CVE-2026-3055 (CVSS score: 9.3) - Insufficient input validation leading to memory overread
- CVE-2026-4368 (CVSS score: 7.7) - Race condition leading to user
Vulnerability Details
- CVE-2026-3055: Referenced in source reporting from thehackernews.
- CVE-2026-4368: Referenced in source reporting from thehackernews.
Organisations Involved
The following organisations are mentioned in relation to this incident: Citrix, Defused Cyber.
Multi-Source Coverage
This event has been reported across multiple outlets:
- Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks — thehackernews
- Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug — thehackernews
Sources: thehackernews. Aggregated by Cybernews Agency pipeline.