Citrix Bleed: Mass exploitation in progress (CVE-2023-4966)

CVE-2023-4966, aka “Citrix Bleed”, a critical information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices, is being massively exploited by threat actors.

Threat actors have been quick to leverage vulnerabilities in Citrix NetScaler ADC in the past, and this vulnerability is obviously no exception.

CVE-2023-4966 is a remotely and easily exploitable vulnerability that allows attackers to grab valid session tokens from internet-facing vulnerable Netscaler devices’ memory.

A week later, Mandiant researchers revealed that the vulnerability has been exploited as a zero-day by attackers since late August 2023, to attack professional services, technology, and government organizations.

Mandiant pointed out that updating vulnerable devices is not enough to boot the attackers from them – they advised admins to terminate all active sessions and check whether the attackers left behind web shells or backdoors.

“Due to the lack of available log records or other artifacts of exploitation activity, as a precaution, organizations should consider rotating credentials for identities that were provisioned for accessing resources via a vulnerable NetScaler ADC or Gateway appliance,” Mandiant researchers noted.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us About your Needs
Get an Answer the Same Business Day

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project’s scope
  • You get an all-inclusive, no engagement proposal
This field is for validation purposes and should be left unchanged.


Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g:,, etc.)



Everything You Need to Know

Gain confidence in your future cybersecurity assessments by learning to effectively plan, scope and execute projects.
This site is registered on as a development site. Switch to a production site key to remove this banner.