Active Reconnaissance Targeting Citrix NetScaler for Critical Vulnerability CVE-2026-3055

Citrix NetScaler ADC and Gateway are currently under active reconnaissance due to a critical vulnerability, CVE-2026-3055, which could allow attackers to leak sensitive information.

A critical security vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway is the subject of active reconnaissance. The flaw, tracked as CVE-2026-3055 with a CVSS score of 9.3, stems from insufficient input validation that may lead to a memory overread, potentially allowing attackers to access sensitive information.

Details of the Vulnerability

According to Citrix, successful exploitation of CVE-2026-3055 requires the appliance to be configured as a SAML Identity Provider (SAML IDP). Recent observations by Defused Cyber indicate that attackers are actively probing the /cgi/GetAuthMethods endpoint to enumerate authentication methods enabled on Citrix devices.

Current Threat Landscape

Defused Cyber noted on social media that they are witnessing auth method fingerprinting activity against NetScaler ADC and Gateway. This reconnaissance is likely aimed at confirming whether these devices are configured as SAML IDPs. Similarly, watchTowr has reported detecting active reconnaissance against NetScaler instances in its honeypot network, suggesting that exploitation could occur imminently.

Recommended Actions for Organizations

Organizations running affected versions of Citrix NetScaler are urged to take immediate action. The vulnerability impacts versions 14.1 before 14.1-66.59 and 13.1 before 13.1-62.23, as well as NetScaler ADC 13.1-FIPS and 13.1-NDcPP before 13.1-37.262. watchTowr emphasizes the need for organizations to apply patches without delay, as the window for response diminishes once reconnaissance transitions to active exploitation.

Historical Context of Vulnerabilities

This incident is part of a broader trend, as several vulnerabilities affecting NetScaler have previously been exploited in the wild. Notable examples include CVE-2023-4966 (Citrix Bleed), CVE-2025-5777 (Citrix Bleed 2), CVE-2025-6543, and CVE-2025-7775. This history underscores the importance of prompt updates to safeguard against potential threats.

This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.

NOVA-Δ
