If your organisation runs a Citrix NetScaler appliance as its front door for remote access or single sign-on, treat this as an emergency. A critical memory-disclosure flaw now nicknamed CitrixBleed 3 is under large-scale, real-world exploitation, and the cruel twist is that simply installing the patch does not make you safe. Attackers who already grabbed a session token can keep using it long after your appliance is fully updated.

This is the same playbook that turned the original CitrixBleed into a year-long ransomware bonanza. We have seen this movie before, and the ending depends entirely on what you do in the next 48 hours.

A patched-but-not-session-flushed NetScaler is the worst of both worlds: the front door is locked, and the attacker is already inside holding a key the lock still accepts.

Key Takeaways

  • CVE-2026-3055 (“CitrixBleed 3”) is an unauthenticated out-of-bounds memory read in NetScaler ADC and NetScaler Gateway, rated CVSS v4 9.3 (Critical).
  • It only affects appliances configured as a SAML identity provider (SAML IdP), but that is an extremely common enterprise SSO setup.
  • The flaw leaks raw appliance memory — including active session tokens — letting attackers hijack authenticated VPN and gateway sessions without any credentials.
  • Citrix disclosed it on 23 March 2026; CISA added it to the KEV catalog on 30 March 2026; Fortinet confirmed large-scale exploitation in early June 2026.
  • Patching is not enough. You must also terminate all existing sessions to revoke tokens stolen before the upgrade.

What Happened: A Memory Leak With a Long Tail

On 23 March 2026, Citrix published security bulletin CTX696300 covering two NetScaler flaws. The serious one is CVE-2026-3055, described as “insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread” (CWE-125). In plain English: a remote, unauthenticated attacker can send malformed requests to the SAML endpoint and trick the appliance into returning chunks of its own memory in the response.

That leaked memory is the prize. NetScaler keeps live session material in memory, so the overread can spill valid session tokens for already-authenticated users. An attacker who replays one of those tokens is handed an active VPN or gateway session — no password, no MFA prompt, no brute force. It is identity theft at the network edge, and it is exactly why this bug earned the CitrixBleed name, echoing CVE-2023-4966 from 2023, which LockBit 3.0 and other ransomware crews rode into hundreds of enterprises.

The second flaw, CVE-2026-4368, is a race condition (CWE-362) rated CVSS v4 7.7 that can cause a user-session mix-up on Gateway or AAA virtual servers. It is narrower — only build 14.1-66.54 is affected — but it ships in the same fix, so address both together.

Within days of disclosure, researchers at watchTowr and Defused observed exploitation against honeypots simulating real infrastructure. CISA added CVE-2026-3055 to its Known Exploited Vulnerabilities catalogue on 30 March with a 2 April remediation deadline. Then, in early June 2026, Fortinet’s threat-intelligence team confirmed large-scale exploitation against internet-facing NetScaler appliances acting as SAML IdPs. The slow-burn pattern is the real danger: a flaw disclosed in March is still a live emergency in June because so many organisations patched the binary but never invalidated the tokens already stolen from them.

Technical Breakdown

Attribute CVE-2026-3055 (CitrixBleed 3) CVE-2026-4368
Type Out-of-bounds read / memory overread (CWE-125) Race condition / session mix-up (CWE-362)
CVSS 9.3 (v4) / 9.8 (v3.1) — Critical 7.7 (v4) — High
Authentication None required (unauthenticated, remote) None required
Prerequisite config Configured as SAML IdP Gateway (VPN/ICA/CVPN/RDP) or AAA vServer
Impact Leaks memory incl. session tokens → session hijack User session mix-up
Exploitation Confirmed in the wild; in CISA KEV Not confirmed exploited

The CVSS v4 vector for CVE-2026-3055 (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H) tells the whole story: network-reachable, low complexity, no privileges, no user interaction. CISA’s SSVC assessment flags it as automatable with total technical impact — the textbook profile for mass scanning and spray exploitation.

What Exploitation Looks Like on the Wire

Defenders have reported a recognisable signature: repeated malformed requests to the SAML endpoints, anomalous NSC_TASS responses carrying base64-encoded memory, and — the tell-tale sign of a successful hijack — the replay of a session token from an autonomous system (ASN) or geography the legitimate user has never logged in from. If you see a valid session suddenly active from an unexpected network, assume token theft, not coincidence.

Who’s Affected

The vulnerable versions of NetScaler ADC and NetScaler Gateway are:

  • 14.1 before 14.1-66.59 (the 14.1-60.x train is fixed in 14.1-60.58)
  • 13.1 before 13.1-62.23
  • 13.1-FIPS / 13.1-NDcPP before 13.1-37.262

Critically, NetScaler 12.1 and 13.0 are end-of-life — they are vulnerable and will not receive a fix. If you are still on those trains, you are not patching your way out; you are migrating, urgently.

For Indian and Delhi-NCR enterprises, NetScaler sits at the heart of countless remote-access and SSO deployments across BFSI, IT/ITES, manufacturing, and government-adjacent bodies. Any appliance that fronts employee VPN or federates logins via SAML is squarely in scope. Managed-service and cloud-hosted NetScaler instances are not exempt — if it is internet-facing and a SAML IdP, it is a target.

Remediating CitrixBleed 3 in three steps
The 48-hour remediation priority order for CitrixBleed 3.

What You Should Do

Here is the Sanjay Seth playbook — in priority order. Steps 1 and 2 are both mandatory; doing one without the other leaves you exposed.

1. Patch immediately

Upgrade every NetScaler ADC and Gateway appliance to a fixed build: 14.1-66.59 (or 14.1-60.58 on that train), 13.1-62.23, or 13.1-37.262 for FIPS/NDcPP. There is no reliable configuration workaround that preserves SAML IdP functionality, so patching is non-negotiable.

2. Terminate all active sessions — do not skip this

This is the step that turned CitrixBleed into a year-long incident when organisations skipped it. After upgrading, flush every existing session so any tokens stolen before the patch become useless:

  • kill icaconnection -all
  • kill pcoipConnection -all
  • kill aaa session -all
  • kill rdp connection -all

Then rotate any secrets that could have been exposed in leaked memory — SAML signing material and service-account credentials in particular.

3. Confirm whether you are actually in scope

Inspect your running configuration (ns.conf) for the markers that make you vulnerable: add authentication samlIdPProfile indicates a SAML IdP, while add authentication vserver and add vpn vserver indicate AAA/Gateway exposure. This tells you which CVE applies and helps you prioritise.

4. Hunt for prior compromise

Because exploitation has been live since late March, patching today does not rule out an existing breach. Review logs for malformed SAML requests, large or anomalous NSC_TASS responses, and session reuse from unfamiliar ASNs or countries. If you cannot prove you were clean before patching, treat it as an incident-response engagement, not a routine update.

5. Reduce the blast radius with zero trust

Edge appliances should never be a single point of total trust. Enforce phishing-resistant MFA at the application layer, bind sessions to device posture, restrict the management interface to an out-of-band network, and put internet-facing NetScaler behind continuous monitoring. The goal is that one leaked token cannot, by itself, unlock the kingdom.

Frequently Asked Questions

Is CitrixBleed 3 the same as the original CitrixBleed?

No — it is a different CVE (CVE-2026-3055 versus CVE-2023-4966), but the class is the same: an unauthenticated memory leak that exposes session tokens. The nickname reflects the identical real-world impact and the same patch-plus-session-kill remediation requirement.

I have already patched. Am I safe?

Not necessarily. If you patched but did not terminate active sessions, any token stolen before the upgrade may still be valid. Run the kill-session commands and rotate exposed secrets, then hunt for signs of prior access.

We are not configured as a SAML IdP. Are we vulnerable to CVE-2026-3055?

The memory-overread flaw specifically requires the SAML IdP configuration. However, CVE-2026-4368 affects Gateway and AAA virtual servers, so most production NetScaler deployments should apply the fix regardless.

What if we are still on NetScaler 12.1 or 13.0?

Those versions are end-of-life and will not be patched. You are vulnerable with no vendor fix coming — plan an immediate migration to a supported 13.1 or 14.1 build, and isolate the legacy appliance until you do.

Don’t Wait for the Ransom Note

CitrixBleed 3 is the rare vulnerability where the patch is the easy part and the discipline around it is what actually saves you. If you operate NetScaler ADC or Gateway, my team can validate your patch level, confirm whether stolen tokens were ever used against you, and harden your edge so a single leaked session can never become a full breach. Contact Sanjay Seth for a focused NetScaler exposure assessment and zero-trust review — before an attacker tests your front door for you.