Citrix

Infrastructure & Virtualization

  • Open CVEs: 2
  • Exploited: 1
  • KEV: 1
  • Unpatched: 1
  • No Workaround: 0
  • Internet-facing: 1

Why this provider is risky now

This provider has 2 open CVE(s) in the last 30 days: 1 is listed in CISA KEV (known exploited), 1 has no vendor patch, and 1 affects internet-facing services.

Tags: 1 KEV, 1 Exploited, 1 Unpatched, 1 Public PoC, 1 Internet-facing

Top Risky CVEs

CVE-2026-3055 (Emergency)
An insufficient input validation vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway when configured as a SAML Identity Provider, allowing attackers to trigger a memory overread condition. The vulnerability affects both the NetScaler ADC and NetScaler Gateway products across multiple versions, and successful exploitation could lead to information disclosure by reading adjacent memory contents. While no CVSS score or EPSS data is currently published, the CWE-125 classification (Out-of-bounds Read) combined with the SAML IDP configuration context suggests moderate to high real-world risk for organizations relying on these devices for identity management.
  • Within 24 hours: Identify all Citrix NetScaler ADC and Gateway instances configured as SAML Identity Providers in your environment and isolate them from internet-facing access if possible.
  • Within 7 days: Apply the vendor-released patch to all affected NetScaler ADC and NetScaler Gateway systems; consult the Citrix advisory for affected version ranges and corresponding patch versions.
  • Within 30 days: Conduct memory forensics and review access logs on affected systems to detect potential exploitation; reset all SAML-authenticated user sessions and issue password reset notices to users with accounts managed through these identity providers.
Tags: ICT dependency, Active exploitation, KEV, PoC, Patched
Why flagged?
NIS2 Relevant
  • CRITICAL severity
  • Third-party ICT: Citrix
  • Exploited in the wild (CISA KEV)
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • CRITICAL severity
  • ICT provider: Citrix (Infrastructure & Virtualization)
  • Known exploited vulnerability (KEV)
  • CVSS: 9.3
  • EPSS: 0.0%
  • Priority: 117
CVE-2026-4368 (This Week, Unpatched)
Citrix NetScaler ADC and Gateway instances configured for SSL VPN, ICA Proxy, CVPN, RDP Proxy, or AAA virtual servers are vulnerable to a race condition that enables authenticated attackers to hijack other users' sessions. An attacker with valid credentials can exploit timing-dependent conditions to cause session mixup between concurrent users, potentially gaining unauthorized access to sensitive resources or impersonating other authenticated users. No patch is currently available for this high-severity vulnerability.
  • Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.
Tags: Edge exposure, ICT dependency, No patch available
Why flagged?
NIS2 Relevant
  • HIGH severity
  • Internet-facing technique: authentication-bypass
  • Third-party ICT: Citrix
  • No patch available
  • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
  • HIGH severity
  • ICT provider: Citrix (Infrastructure & Virtualization)
  • No remediation available
  • CVSS: 7.7
  • EPSS: 0.0%
  • Priority: 39

By Exposure

  • Internet-facing: 1
  • Mgmt / Admin Plane: 0
  • Identity / Auth: 0
  • Internal only: 1

By Exploitability

  • Known exploited: 1
  • Public PoC: 1
  • High EPSS (>30%): 0
  • Remote unauthenticated: 1
  • Local only: 0

By Remediation

  • Patch available: 1
  • No patch: 1
  • Workaround available: 2
  • No workaround: 0

Affected Services / Product Families

Citrix: 2 CVE(s)
  • CVE-2026-3055: CRITICAL, KEV, PoC, Patched
  • CVE-2026-4368: HIGH, Unpatched

Recommended Actions
