U.S. CISA adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog
2026-3-31 09:31:41 Author: securityaffairs.com


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Citrix NetScaler, tracked as CVE-2026-3055 (CVSS v4.0 score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog.

In March, Citrix issued security updates for two NetScaler vulnerabilities, including the critical one, tracked as CVE-2026-3055 (CVSS score of 9.3), which allows unauthenticated attackers to leak sensitive data.

The flaw CVE-2026-3055 stems from insufficient input validation that leads to a memory over-read. It can be triggered only if Citrix ADC or Citrix Gateway is configured as a SAML IdP.

Customers can check if their NetScaler appliance is set up as a SAML IDP by looking for the configuration string:

add authentication samlIdPProfile .*
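As an added example, not taken from the article, Citrix or Rapid7, the following Python triage script applies that check to a saved ns.conf: it lists every SAML IdP profile and the other configuration lines that reference the profile by name, so an administrator can scope which policies and virtual servers depend on the vulnerable SAML IdP role. The sample configuration, its names and its policy/bind lines are constructed for illustration.

```python
"""Triage helper: does a NetScaler ns.conf configure a SAML IdP profile?

Constructed example (not the article's or the vendor's code). Assumes the
input is the saved ns.conf text; referencing lines are found by profile name.
"""
import re

# The indicator string from the Citrix advisory, with the profile name captured.
SAML_IDP_PROFILE = re.compile(
    r"^add authentication samlIdPProfile\s+(\S+)(.*)$", re.IGNORECASE
)


def find_saml_idp_profiles(ns_conf: str) -> dict[str, list[str]]:
    """Return {profile_name: [other config lines mentioning that name]}.

    An empty dict means the SAML IdP precondition for CVE-2026-3055 is absent.
    """
    lines = [ln.strip() for ln in ns_conf.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")]
    profiles: dict[str, list[str]] = {}
    for ln in lines:
        m = SAML_IDP_PROFILE.match(ln)
        if m:
            profiles[m.group(1)] = []
    for name in profiles:
        # Whole-token match so 'sso_idp' does not match 'sso_idp_pol'.
        token = re.compile(r"(?<![\w-])" + re.escape(name) + r"(?![\w-])")
        profiles[name] = [ln for ln in lines
                          if token.search(ln) and not SAML_IDP_PROFILE.match(ln)]
    return profiles


def is_exposed(ns_conf: str) -> bool:
    """True when at least one SAML IdP profile is defined."""
    return bool(find_saml_idp_profiles(ns_conf))


# Constructed ns.conf fragment; names, addresses and options are illustrative.
SAMPLE_NS_CONF = """\
set ns config -IPAddress 10.0.0.10 -netmask 255.255.255.0
add lb vserver lb_web HTTP 10.0.0.20 80
add authentication samlIdPProfile sso_idp -samlIdPCertName idp_cert -assertionConsumerServiceURL "https://sp.example.test/acs"
add authentication samlIdPPolicy sso_idp_pol -rule true -action sso_idp
bind authentication vserver auth_vs -policy sso_idp_pol -priority 100
"""

if __name__ == "__main__":
    for name, refs in find_saml_idp_profiles(SAMPLE_NS_CONF).items():
        print(f"SAML IdP profile {name!r} present; referenced by {len(refs)} line(s)")
```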

“This vulnerability, CVE-2026-3055, which is classified as an out-of-bounds read and holds a CVSS score of 9.3, allows unauthenticated remote attackers to leak potentially sensitive information from the appliance’s memory,” reads the advisory published by Rapid7 researchers. “The Citrix advisory states that systems configured as a SAML Identity Provider (SAML IDP) are vulnerable, whereas default configurations are unaffected. This SAML IDP configuration is likely a very common configuration for organizations utilizing single sign-on.”

At this time, CVE-2026-3055 has no known in-the-wild exploits or public proof-of-concept. Citrix discovered it internally, but once exploit code is released, attacks are likely. Customers should patch immediately, as similar memory-leak flaws like “CitrixBleed” (CVE-2023-4966) were widely exploited in 2023.

The second vulnerability fixed by the vendor is a race condition tracked as CVE-2026-4368 (CVSS score of 7.7) that causes session mix-ups.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerability by April 2, 2026.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, US CISA Known Exploited Vulnerabilities catalog)

Source: https://securityaffairs.com/190197/security/u-s-cisa-adds-a-flaw-in-citrix-netscaler-to-its-known-exploited-vulnerabilities-catalog.html