CitrixBleed 3 (CVE-2026-3055): NetScaler Memory Leak Under Mass Attack
A NetScaler memory-overread flaw patched in March is now under large-scale exploitation. Patching alone is not enough; you must also kill live sessions.

A critical NetScaler vulnerability nicknamed "CitrixBleed 3" has moved from theoretical risk to active, large-scale exploitation. Patched back in March 2026, the flaw sat as a slow-burning emergency until early June, when Fortinet's threat intelligence team confirmed attackers were hitting internet-facing appliances at scale. If you run NetScaler ADC or Gateway as a SAML identity provider, applying the patch is only half the job, and the half most teams skip is the half that matters.
Quick answer
CVE-2026-3055 is an out-of-bounds memory read in NetScaler ADC and Gateway (CVSS 9.3) that lets an unauthenticated attacker leak session tokens and bypass MFA. Patching to 14.1-66.59, 13.1-62.23, or NDcPP 13.1-37.262 stops new leaks, but it does not invalidate tokens already stolen. You must also run the session-kill commands (kill aaa session -all and the others below) and hunt your logs for prior compromise. If your appliance was internet-facing and unpatched any time since late March, assume tokens leaked and investigate.
Key takeaways
- CVE-2026-3055 is an out-of-bounds memory read in NetScaler ADC and Gateway, rated CVSS 9.3, that lets an unauthenticated attacker leak sensitive memory, including session tokens, from the appliance.
- The bug earns the "CitrixBleed 3" name because it echoes the original CitrixBleed: stolen session tokens let an attacker hijack an authenticated session and walk past multi-factor authentication entirely.
- Exploitation requires the appliance to be configured as a SAML identity provider, which is the default way most enterprises wire NetScaler into single sign-on for Microsoft 365, Salesforce, and other federated apps.
- Patching does not end the threat. Tokens already stolen stay valid until you explicitly terminate every active and persistent session.
- A companion flaw, CVE-2026-4368, is a race condition in the same products rated 7.7. Fix both in the same maintenance window.
What the flaw does
Tracked as CVE-2026-3055, the vulnerability is an out-of-bounds read: the appliance returns more memory than it should when handling certain requests. That leaked memory can contain session tokens, configuration secrets, and other sensitive data left over in the buffer. Because the attacker needs no credentials, simply being able to reach the appliance over the network is enough to begin harvesting data.
The appliance must be configured as a SAML identity provider for exploitation to succeed. That is not an obscure setup: SAML IDP is the standard way enterprises make NetScaler the component that issues identity assertions to every federated SaaS app in their estate. When the appliance that vouches for your users' identities is leaking memory, the blast radius is the entire single-sign-on environment behind it.
Warning
A stolen session token is not a password. You cannot fix the exposure by forcing a password reset; the appliance will honor a leaked session until that session is explicitly killed.
Why a March bug is a June emergency
The timeline is the whole story:
- Citrix patched CVE-2026-3055 on March 23, 2026, comparing it to the original CitrixBleed and urging fast action.
- Through April and May, security researchers published technical breakdowns and warned that exploitation was imminent. Attackers began probing internet-facing instances.
- In early June, Fortinet confirmed large-scale exploitation against appliances configured as SAML identity providers.
The gap between "patch available" and "attack over" stretched to roughly eleven weeks. That gap exists for two reasons: organizations that never applied the March patch, and organizations that patched but never flushed the sessions that were already exposed. The second group represents one of the most common and costly mistakes in incident response: treating a memory-disclosure bug like a normal code flaw that a patch fully resolves.
Here is the difference in plain terms, because it is the crux of why patching alone fails:
| | A normal code-execution bug | A memory-leak bug like CitrixBleed 3 |
|---|---|---|
| What the patch fixes | Closes the entry point completely | Stops new leaks only |
| State left behind | None once patched | Tokens already stolen stay valid |
| Extra step required | None | Kill all sessions, rotate secrets |
| Detection question | Was the exploit run? | Were any tokens leaked before patch? |
| Safe assumption | Patched equals safe | Internet-facing plus late patch equals investigate |
The two CVEs you are dealing with in this maintenance window are related but distinct:
| CVE | Type | CVSS | Requires SAML IDP? |
|---|---|---|---|
| CVE-2026-3055 | Out-of-bounds memory read | 9.3 | Yes |
| CVE-2026-4368 | Race condition | 7.7 | No |

How to fix it properly
Remediation has two non-negotiable parts. Skipping the second one leaves attackers logged in.
- Upgrade the firmware. Update NetScaler ADC and Gateway to 14.1-66.59, 13.1-62.23, or the NDcPP build 13.1-37.262 or later. This stops new memory leaks. Confirm exact target builds against Citrix bulletin CTX696300 for your branch.
- Kill every active and persistent session immediately after, or even before, the upgrade. This invalidates tokens that may already be in attacker hands.
- Hunt for prior compromise. Review authentication logs for sessions you cannot account for, unexpected admin logins, and lateral movement into the SaaS apps behind your SSO.
- Rotate exposed secrets. Treat any credential the appliance handled as potentially leaked and rotate it.
The session-termination commands Citrix and researchers recommend are:
```
kill aaa session -all
kill icaconnection -all
kill rdp connection -all
kill pcoipConnection -all
clear lb persistentSessions
```
Applying the firmware patch stops the bleeding. These commands close the wound. Run both, in the same maintenance window, and verify that the active session count drops to what you expect afterward.
Tip
If your NetScaler is internet-facing and was unpatched at any point since late March, assume tokens may have leaked and investigate for compromise rather than treating the patch as the end of the story.
The pattern to learn from
CitrixBleed 3 is the third time the same lesson has come around: when a flaw leaks live session tokens, the patch is necessary but not sufficient. Tokens are bearer credentials. Whoever holds one is logged in, full stop, until the session dies. This is the same dynamic behind the surge of session-hijacking attacks driven by infostealer malware; see our guide on stopping infostealers from hijacking your session cookies for the consumer-side version of the same problem.
It also underlines why edge appliances and management planes deserve the fastest patch cadence you can manage. They sit at the perimeter, they are internet-reachable by design, and they hold the keys to everything behind them. The same urgency applied to the recent Cisco Unified CM exploitation, and it applies here. If you need a refresher on locking down network gear and segmentation in general, our router and network hardening checklist covers the fundamentals.
What to do tonight
If you run NetScaler ADC or Gateway, work this list before you log off:
- Confirm your current firmware build and compare it against CTX696300 for your branch.
- Upgrade to 14.1-66.59, 13.1-62.23, or NDcPP 13.1-37.262 (or later) if you are behind.
- Immediately run the session-kill commands listed above and verify the active session count drops.
- Pull authentication logs and look for sessions you cannot tie to a real login, especially admin access from unfamiliar locations.
- Check the SaaS apps federated behind your SSO (Microsoft 365, Salesforce) for anomalous activity and new mailbox forwarding rules.
- Rotate any secret the appliance handled, treating it as potentially leaked.
- Patch CVE-2026-4368 in the same window even though it does not need SAML IDP.
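The first two checklist items can be scripted across a fleet. The following Python helper is an added example, not code from the article or from Citrix: it parses a build string and compares it against the three fixed builds the article names. It assumes that the 13.1 NDcPP builds are the 13.1-37.x line (inferred from the 13.1-37.262 build quoted above) and that `show version` prints a line of the form `NetScaler NS14.1: Build 66.59.nc`; check both assumptions against your own appliances and against CTX696300 before relying on the result.

```python
"""Compare a NetScaler build against the CVE-2026-3055 fixed builds named in the article."""
import re

# Fixed builds as given on the page; confirm the exact target for your branch in CTX696300.
FIXED_BUILDS = {
    "14.1": "14.1-66.59",
    "13.1": "13.1-62.23",
    "13.1-ndcpp": "13.1-37.262",   # NDcPP / FIPS line
}

# Two accepted input shapes: the plain "14.1-66.59" form and the (assumed)
# `show version` form "NetScaler NS14.1: Build 66.59.nc".
_PLAIN = re.compile(r"^\s*(\d+)\.(\d+)-(\d+)\.(\d+)\s*$")
_SHOW_VERSION = re.compile(r"NS(\d+)\.(\d+):\s*Build\s+(\d+)\.(\d+)")


def parse_build(text: str) -> tuple[int, int, int, int]:
    """Return (major, minor, build, sub) so builds compare as integer tuples, not strings."""
    m = _PLAIN.match(text) or _SHOW_VERSION.search(text)
    if not m:
        raise ValueError(f"unrecognised NetScaler build string: {text!r}")
    major, minor, build, sub = (int(x) for x in m.groups())
    return (major, minor, build, sub)


def branch_key(parts: tuple[int, int, int, int]) -> str:
    """Pick which fixed build applies. Assumption: 13.1 NDcPP builds are the 13.1-37.x line."""
    major, minor, build, _ = parts
    branch = f"{major}.{minor}"
    if branch == "13.1" and build == 37:
        return "13.1-ndcpp"
    return branch


def assess_build(text: str) -> dict:
    """Classify one appliance. 'patched' only means new leaks stop; sessions still need killing."""
    parts = parse_build(text)
    key = branch_key(parts)
    fixed = FIXED_BUILDS.get(key)
    if fixed is None:
        return {"build": text, "branch": key, "fixed_build": None, "patched": False,
                "action": "no fixed build listed for this branch; check CTX696300"}
    patched = parts >= parse_build(fixed)
    return {"build": text, "branch": key, "fixed_build": fixed, "patched": patched,
            "action": "kill sessions and hunt logs" if patched
            else "upgrade, then kill sessions and hunt logs"}


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    inventory = [("gw-1", "14.1-66.59"),
                 ("gw-2", "NetScaler NS13.1: Build 55.10.nc"),
                 ("gw-fips", "13.1-37.200"),
                 ("old", "13.0-91.13")]
    for host, build in inventory:
        print(host, assess_build(build))
```

Note that a "patched" result never says an appliance is safe: every row still needs the session-kill commands and a log review, which is why the action string says so even for fixed builds.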
Frequently asked questions
Am I affected if my NetScaler is not a SAML identity provider?
Exploitation of CVE-2026-3055 specifically requires the SAML IDP configuration. If your appliance is not configured that way, this particular flaw is not exploitable against you, but you should still patch, because the companion bug CVE-2026-4368 and future flaws may not share that requirement.
I patched in March. Do I still need to kill sessions?
If you patched in March and also terminated all sessions at that time, you are in good shape. If you patched but never ran the session-kill commands, any tokens leaked before the patch could still be valid. Run the commands now and review logs for misuse.
How do I know if I was already exploited?
There is no single clean indicator, but look for authenticated sessions you cannot trace to a legitimate login, admin access from unfamiliar locations, and unusual activity in the SaaS applications federated behind your NetScaler SSO. Because the attack uses valid stolen tokens, it can look like normal user activity, so correlate against your own access records.
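The log review described in the remediation steps and in this answer comes down to three correlations: a session in use that was never preceded by a login, a session that suddenly arrives from a different source address than the one that established it, and an admin login from outside the expected management network. The following Python script is an added example, not code from the article; the log lines are constructed, and the `event=... user=... src=... session=...` layout is an assumption chosen for readability, so map your own appliance's audit fields onto those keys before running it over real logs.

```python
"""Hunt constructed NetScaler-style auth logs for signs of session-token misuse."""
import ipaddress
import re

# Constructed sample lines (not real NetScaler output). The key=value layout is an
# assumption; map your own appliance's audit fields onto these keys.
SAMPLE_LOG = """\
2026-06-03T08:55:10Z event=LOGIN user=alice src=10.20.1.15 session=a1f3 role=user
2026-06-03T08:57:41Z event=SESSION_USE user=alice src=10.20.1.15 session=a1f3
2026-06-03T09:02:03Z event=SESSION_USE user=alice src=203.0.113.77 session=a1f3
2026-06-03T09:05:00Z event=SESSION_USE user=bob src=198.51.100.9 session=77c0
2026-06-03T09:10:22Z event=LOGIN user=svc-admin src=192.0.2.44 session=9e11 role=admin
2026-06-03T09:11:00Z event=LOGIN user=carol src=10.20.1.30 session=b2b2 role=admin
"""

# Assumption: admin logins normally originate from this management network.
KNOWN_ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/16")]

_KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Split 'timestamp key=value ...' into a dict; the timestamp lands under 'ts'."""
    ts, _, rest = line.partition(" ")
    rec = dict(_KV.findall(rest))
    rec["ts"] = ts
    return rec


def hunt(log_text: str) -> list:
    """Return (finding, user, src, session) tuples; logs are assumed to be in time order."""
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    login_src = {}   # session id -> source address that established it
    findings = []
    for r in records:
        if r.get("event") == "LOGIN":
            login_src[r["session"]] = r["src"]
            if r.get("role") == "admin":
                addr = ipaddress.ip_address(r["src"])
                if not any(addr in net for net in KNOWN_ADMIN_NETS):
                    findings.append(("admin_login_unfamiliar_source",
                                     r["user"], r["src"], r["session"]))
        elif r.get("event") == "SESSION_USE":
            sid = r["session"]
            if sid not in login_src:
                # A live session with no login on record: the shape a replayed leaked token takes.
                findings.append(("session_without_login", r["user"], r["src"], sid))
            elif login_src[sid] != r["src"]:
                # Same session id, different source: the user's token is in someone else's hands.
                findings.append(("session_source_changed", r["user"], r["src"], sid))
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG):
        print(finding)
```

Each finding still needs a human to confirm it against change records, VPN rosters, and the federated apps behind the SSO, because a token that was leaked and replayed looks exactly like the legitimate user to the appliance itself.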
Is this the same as the original CitrixBleed?
It is a different CVE in a different code path, but the impact pattern is the same: leaked memory yields session tokens that enable authentication bypass. That similarity is exactly why researchers gave it the "CitrixBleed 3" nickname.
Sources
- BleepingComputer: Citrix urges admins to patch NetScaler flaws as soon as possible (bleepingcomputer.com/news/security/citrix-urges-admins-to-patch-netscaler-flaws-as-soon-as-possible/)
- Rapid7: CVE-2026-3055 Citrix NetScaler ADC and Gateway out-of-bounds read (rapid7.com/blog/post/etr-cve-2026-3055-citrix-netscaler-adc-and-netscaler-gateway-out-of-bounds-read/)
- Cybersecurity Dive: Citrix NetScaler products confirmed under exploitation (cybersecuritydive.com/news/citrix-netscaler-exploitation-vulnerabilities/816097/)
- Picus Security: Inside the NetScaler CitrixBleed 3 memory overread (picussecurity.com/resource/blog/cve-2026-3055-cve-2026-4368-inside-the-netscaler-citrixbleed-3-memory-overread)
- Citrix Security Bulletin CTX696300 (support.citrix.com/support-home/kbsearch/article)