Dual memory-overread flaws unlock Citrix NetScaler doors (CVE-2026-3055) Part 2

March 30, 2026 at 07:49 AM

•

1 min read

Dual memory-overread flaws unlock Citrix NetScaler doors (CVE-2026-3055) Part 2 — Photo: watchTowr Labs

TL;DR Summary

Security researchers from watchTowr Labs report that CVE-2026-3055 encompasses at least two memory-overread flaws in Citrix NetScaler. Exploitation hinges on an empty wctx parameter in /wsfed/passive?wctx, leaking memory (via the NSC_TASS cookie) and potentially exposing authenticated admin session IDs. In-the-wild activity has begun, suggesting that patches may not cover all variants. The post includes a Detection Artifact Generator for defenders and notes that a further instance was reported to Citrix, highlighting ongoing risk for misconfigured NetScaler deployments (e.g., when used as a SAML IDP).

Topics:business #citrix-netscaler #cve-2026-3055 #in-the-wild #memory-overread #security #watchtowr-labs

Share this article

Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2) watchTowr Labs
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug The Hacker News
Critical flaw in Citrix NetScaler raises fears of new exploitation wave Cybersecurity Dive
Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn SecurityWeek
40,000 Citrix NetScaler systems found exposed following critical vulnerability disclosure cybernews.com

Reading Insights

Total Reads

Unique Readers

Time Saved

11 min

vs 12 min read

Condensed

96%

2,331 → 84 words

Want the full story? Read the original article

Read on watchTowr Labs

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights