The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive ordering federal agencies to patch a critical vulnerability in Citrix NetScaler appliances that is being actively exploited by threat actors. The directive gives agencies until Thursday to implement the necessary security updates.
The vulnerability affects Citrix NetScaler ADC and Gateway appliances, which are widely deployed across government networks for application delivery and secure remote access. CISA's emergency action indicates the flaw poses significant risk to federal systems and data.