Citrix NetScaler CVE-2026-3055: A 9.8 SAML Bug Is Being Mass-Exploited, and Your GitHub Feed Won't Save You
- Patrick Duggan
- 23 minutes ago
- 4 min read
There is a critical vulnerability in Citrix NetScaler ADC and NetScaler Gateway right now; it is being exploited at scale against internet-facing appliances, and if your threat feed is built on harvesting GitHub proof-of-concept code, you did not hear about it from your feed. We didn't either. That second sentence is the honest part, and it is also the whole point of this post.
CVE-2026-3055 is an out-of-bounds read — a memory overread — in NetScaler ADC and NetScaler Gateway when the appliance is configured as a SAML Identity Provider. An unauthenticated attacker sends specially crafted SAML-related requests, the appliance reads past the bounds of a buffer, and the leaked memory can contain session material an attacker can turn into access. Citrix scores it 9.3 on CVSS v4.0; the NVD-aligned v3.1 framing puts it at 9.8. Either way it is in the red, it is unauthenticated, and it sits on the part of your network that exists specifically to be reachable from the internet.
Citrix published the bulletin on March 23, 2026. Public reporting confirmed exploitation in the wild within about a week. Fortinet's threat intelligence team has now confirmed large-scale exploitation against internet-facing NetScaler appliances acting as SAML IDPs, and CISA has added it to the Known Exploited Vulnerabilities catalog. This is not a theoretical chain. This is a perimeter device being read like an open book.
Here is what to do, in order, today.
Patch first. The fixed builds are NetScaler 14.1-66.59 or later, 13.1-62.23 or later, and for the FIPS and NDcPP variants, 13.1-37.262 or later. Anything on 14.1 before 14.1-66.59 or 13.1 before 13.1-62.23 is exposed. There is no configuration workaround that substitutes for the patch; if the appliance is a SAML IDP and it is reachable, it is in scope.
Then rotate, because patching a memory-overread bug does not un-leak whatever already leaked. After you patch, rotate the SAML signing certificate and any other cryptographic material the IDP touched. This is the step people skip, and it is the step that turns a patched box back into a trusted box. Treat any secret that lived in that appliance's memory during the exposure window as burned. That is not paranoia; it is the only correct posture for an overread bug on an authentication device — you assume the breach and you rotate first, because the logs will not exonerate you and visibility, not evidence, is the trigger.
Then hunt, because Citrix has not published attacker IP addresses, file hashes, or filenames, which means there is no tidy IOC list to paste into a block rule. The indicators here are behavioral, and they live in your own logs. Review NetScaler access and authentication logs for unusual SAML assertion activity, for IDP-initiated logins that do not map to a real user session, for connections originating from hosting-provider and cloud ranges that have no business authenticating against your gateway, for unexpected changes to SAML configuration or signing certificates, and for local accounts that appeared without a change ticket behind them. Those are the fingerprints of this class of attack, and they are detectable without a single hash if you are actually reading the appliance's own telemetry.
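The patch-then-hunt steps above can be turned into a small triage script. What follows is an added example written for this post, not Citrix tooling and not code from the bulletin: the fixed builds are the ones quoted above, but the log line format, the `HOSTING_RANGES` list (RFC 5737 documentation networks standing in for real hosting-provider ranges), and every event name and sample line are constructed for the example and will not match a real NetScaler syslog stream without adapting `parse_line`. It checks whether a build string is below the fixed build for its branch (FIPS/NDcPP builds are numbered differently, so the variant must be passed explicitly), then runs the four behavioral checks from the paragraph above over a constructed log: authentications from hosting/cloud ranges, IDP-initiated logins that never produce a real session, SAML configuration or signing-certificate changes, and local accounts added without a change ticket.

```python
"""Triage helper for CVE-2026-3055 (added example; not Citrix code).

Fixed builds are those quoted from the Citrix bulletin. The log format,
event names, hosting ranges and sample lines below are CONSTRUCTED for the
example and are not real NetScaler syslog output.
"""
import ipaddress
import re

# Minimum fixed build per branch and variant, per the bulletin as quoted.
FIXED_BUILDS = {
    "14.1": {"standard": "14.1-66.59"},
    "13.1": {"standard": "13.1-62.23", "fips": "13.1-37.262"},
}


def parse_build(build: str) -> tuple:
    """'14.1-66.59' -> (14, 1, 66, 59) so builds compare as tuples."""
    m = re.fullmatch(r"(\d+)\.(\d+)-(\d+)\.(\d+)", build.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler build string: {build!r}")
    return tuple(int(x) for x in m.groups())


def is_exposed(build: str, variant: str = "standard") -> bool:
    """True unless the build is at or above a fixed build listed in the bulletin.

    variant must be 'fips' for FIPS/NDcPP appliances: their 13.1 builds are
    numbered 13.1-37.x and would otherwise be compared against 13.1-62.23.
    Branches the bulletin does not list are reported as exposed (unconfirmed).
    """
    parsed = parse_build(build)
    branch = f"{parsed[0]}.{parsed[1]}"
    fixed = FIXED_BUILDS.get(branch, {}).get(variant)
    if fixed is None:
        return True
    return parsed < parse_build(fixed)


# Constructed placeholder ranges; replace with your hosting/cloud allowlist-inverse.
HOSTING_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line: str):
    """Constructed format: '<ISO timestamp> key=value key=value ...'."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
    fields["ts"] = m.group("ts")
    return fields


def hunt(lines):
    """Return [(reason, event)] for the behavioral indicators named in the post."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    # A login is only 'real' if the appliance went on to establish that session.
    real_sessions = {e["session"] for e in events if e.get("event") == "SESSION_START"}
    findings = []
    for e in events:
        ev, src = e.get("event"), e.get("src")
        if ev == "SAML_LOGIN" and src and any(ipaddress.ip_address(src) in n for n in HOSTING_RANGES):
            findings.append(("auth from hosting/cloud range", e))
        if ev == "SAML_LOGIN" and e.get("initiated") == "idp" and e.get("session") not in real_sessions:
            findings.append(("idp-initiated login without a real session", e))
        if ev == "SAML_CONFIG_CHANGE":
            findings.append(("saml config / signing cert changed", e))
        if ev == "USER_ADD" and e.get("ticket", "none") == "none":
            findings.append(("local account added without change ticket", e))
    return findings


# Constructed sample log: one benign SP-initiated login, then a suspicious cluster.
SAMPLE_LOG = """
2026-03-30T02:11:07Z src=192.0.2.15 event=SAML_LOGIN user=alice session=s1 initiated=sp
2026-03-30T02:11:08Z event=SESSION_START session=s1 user=alice
2026-03-30T02:40:51Z src=203.0.113.9 event=SAML_LOGIN user=svc_backup session=s2 initiated=idp
2026-03-30T02:41:03Z src=203.0.113.9 event=SAML_CONFIG_CHANGE what=signing_cert admin=nsroot
2026-03-30T02:42:30Z src=203.0.113.9 event=USER_ADD user=support2 ticket=none
2026-03-30T09:00:00Z src=192.0.2.20 event=USER_ADD user=bob ticket=CHG-1042
""".strip().splitlines()

if __name__ == "__main__":
    for b, v in (("14.1-60.10", "standard"), ("13.1-37.262", "fips")):
        print(b, v, "EXPOSED" if is_exposed(b, v) else "fixed")
    for reason, ev in hunt(SAMPLE_LOG):
        print(f"{ev['ts']}  {reason}: {ev}")
```

The session-correlation check is the one worth adapting carefully: it depends on the appliance emitting a separate session-established record that you can join on, and the IDP-initiated login that never gets one is exactly the pattern the post describes. Run the exposure check against the build string from every appliance in inventory, not just the ones you remember configuring as a SAML IDP.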
Now the methodology note, because it is the most useful thing we can give you and because pretending otherwise would be dishonest.
We run an automated exploit harvester that sweeps GitHub every six hours, extracts PoC code, and turns it into detection rules. It is good at what it does. Two weeks ago it caught the entire public PoC ecosystem for the cPanel auth-bypass CVE-2026-41940 — six-plus repositories indexed on May 11, weeks before that bug hit CISA's KEV list on June 4. That is the model working exactly as designed: commodity vulnerabilities get commodity exploit code, and commodity exploit code shows up on GitHub where we can see it coming.
CVE-2026-3055 is the other kind. SAML memory-overread exploitation against a closed-source appliance does not get farmed into a hundred public repos. It lives in the hands of operators who do not publish, against a target most researchers cannot legally stand up to test. A GitHub-shaped sensor has a GitHub-shaped blind spot, and an honest threat program names its blind spots out loud instead of pretending its coverage is total. We guarantee five percent of what matters is outside any single sensor. The discipline is knowing which five percent, and pairing the GitHub harvest with vendor-advisory ingestion and your own appliance logs so the blind spot has something behind it.
If you run NetScaler as a SAML IDP, the correct mental model for the next 48 hours is assume-breach. Patch, rotate the signing material, read the authentication logs cold, and write down what you find. The window for defense on a mass-exploited 9.8 is measured in hours, not weeks — and the appliance that was supposed to prove who your users are is, until you rotate it, proving nothing at all.