Tag

Cve 2026 3055

All articles tagged with #cve 2026 3055

Dual memory-overread flaws unlock Citrix NetScaler doors (CVE-2026-3055) Part 2
security · 5 hours ago

Security researchers from watchTowr Labs report that CVE-2026-3055 encompasses at least two memory-overread flaws in Citrix NetScaler. Exploitation hinges on an empty wctx parameter in /wsfed/passive?wctx, leaking memory (via the NSC_TASS cookie) and potentially exposing authenticated admin session IDs. In-the-wild activity has begun, suggesting that patches may not cover all variants. The post includes a Detection Artifact Generator for defenders and notes that a further instance was reported to Citrix, highlighting ongoing risk for misconfigured NetScaler deployments (e.g., when used as a SAML IDP).