New critical Citrix NetScaler hole of similar severity to CitrixBleed2, says expert

Summary

A new critical vulnerability, CVE-2026-3055, has been identified in Citrix NetScaler devices configured as SAML IdPs. This out-of-bounds read vulnerability allows unauthenticated remote attackers to leak sensitive information from the appliance's memory, similar to the previous CitrixBleed vulnerabilities.

IFF Assessment

FOE

This vulnerability is a significant threat as it allows unauthenticated attackers to steal sensitive information and gain initial access, mirroring the impact of previous critical Citrix vulnerabilities.

Severity

7.5 High

Defender Context

Organizations using vulnerable Citrix NetScaler devices, especially those configured as SAML IdPs, must prioritize patching this critical vulnerability immediately. Its similarity to previous high-impact memory leak vulnerabilities such as CitrixBleed means it will likely be a prime target for threat actors seeking initial access.