Flaws in Citrix NetScaler and ADC Gateway have historically been targeted by threat actors, though researchers don't believe the impact of these two bugs to match that of CitrixBleed.
Citrix is urging impacted customers to update, but also recommends that they remove any active or persistent sessions and look for patterns of suspicious session use.
The flaw was disclosed last week, but researchers said that exploitation started in late August.
Organizations are urged to apply patches for the flaw in Netscaler (formerly Citrix) ADC and Gateway products.