CISA tells federal agencies to patch Citrix NetScaler bug by Thursday
Summary
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch CVE-2026-3055 by Thursday after incident responders reported active exploitation. The flaw affects Citrix NetScaler application delivery controllers (ADC), and in particular NetScaler Gateway, the component that handles user access and authentication.
The vulnerability allows unauthenticated requests that can disclose sensitive memory and carries a CVSS severity of 9.3/10. Citrix released patches on 23 March and security firm watchTowr reported exploitation the following weekend. Analysts note the bug bears similarities to prior ‘Citrix Bleed’ issues that were widely abused for initial access into enterprise environments.
Key Points
- CISA issued an urgent directive: federal agencies must patch CVE-2026-3055 by Thursday after reports of exploitation.
- The flaw impacts Citrix NetScaler ADC and NetScaler Gateway, enabling unauthenticated memory disclosure (CVSS 9.3).
- Citrix published fixes on 23 March; watchTowr observed active exploitation soon after.
- Researchers say the vulnerability resembles past Citrix Bleed vulnerabilities that were used by ransomware gangs and nation-state actors.
- Known targets reportedly include the Pennsylvania Office of the Attorney General and the Netherlands’ Public Prosecution Service.
- Organisations that self-host NetScaler appliances should prioritise patching, restrict management interfaces, and monitor logs for suspicious activity.
Context and relevance
This is the latest in a string of high-impact NetScaler vulnerabilities that repeatedly draw attackers because these appliances sit at the network edge and handle authentication. Past Citrix Bleed incidents affected hospitals and critical infrastructure and prompted emergency directives; the pattern makes this new exploitation particularly worrying for large organisations running on-prem NetScaler gateways.
Why should I read this?
Short answer: if you run NetScaler kit — stop reading this and patch it now. If you don’t run NetScaler, still worth a skim: these bugs keep being used to break into big organisations, so the knock-on risks (service disruption, data theft, ransomware) are real. We’ve done the legwork so you can get straight to action: patch, firewall off management interfaces, and hunt for suspicious access.
Source
Source: https://therecord.media/cisa-tells-federal-agencies-to-patch-citrix-netscaler-bug
