## Metasploit Module Released for Citrix NetScaler Memory Leak (CVE-2026-3055)
A new exploit module has been added to the Metasploit Framework, targeting a critical memory leak vulnerability in Citrix NetScaler appliances configured as SAML identity providers. The module, identified as CVE-2026-3055, allows attackers to read arbitrary memory from vulnerable systems, potentially exposing sensitive session cookies and authentication tokens. This flaw echoes the mechanics of the infamous CitrixBleed vulnerabilities, posing a direct threat to the integrity of enterprise network gateways.

The auxiliary scanner module is designed to probe NetScaler instances, such as version NS13.1 Build 59.19.nc, for the specific memory over-read condition. Successful exploitation can leak memory contents, which may include active administrative session data. The module's development is based on a detailed technical analysis published by security researchers at watchTowr Labs, who highlighted the risk of session hijacking through this vulnerability.

The release of this weaponized tool into a widely-used penetration testing framework significantly lowers the barrier for exploitation. It enables both security professionals and threat actors to automate attacks against unpatched Citrix NetScaler deployments, escalating the operational risk for organizations relying on these appliances for secure remote access. The presence of a 'check' function allows for rapid, non-destructive vulnerability scanning, increasing the likelihood of widespread reconnaissance and targeted attacks.
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: CVE-2026-3055, Metasploit, Memory Leak, SAML, CitrixBleed
- **Credibility**: unverified
- **Published**: 2026-04-14 11:22:58
- **ID**: 63614
- **URL**: https://whisperx.ai/en/intel/63614