CVE-2026-3055

CWE-125 — Out-of-bounds Read14 documents9 sources

9.3

CVSS

CRITICAL

EPSS44.3%(98th)

CISA KEVPublic Exploit

CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Affected Packages2 packages

▶NVDcitrix/netscaler_gateway13.1 — 13.1-62.23+1

▶NVDcitrix/netscaler_application_delivery_controller13.1 — 13.1-37.262+2

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

NVD ↗MITRE ↗

🔴Vulnerability Details

CVEList

Insufficient input validation leading to memory overread↗2026-03-23

▶

VulnCheck

Citrix NetScaler Out-of-Bounds Read Vulnerability↗2026

▶

💥Exploits & PoCs

Nuclei

Citrix NetScaler SAML IDP - Memory Overread

▶

📋Vendor Advisories

CISA

Citrix NetScaler Out-of-Bounds Read Vulnerability↗2026-03-30

▶

🕵️Threat Intelligence

Bleepingcomputer

CISA orders feds to patch actively exploited Citrix flaw by Thursday↗2026-03-31

▶

Bleepingcomputer

Critical Citrix NetScaler memory flaw actively exploited in attacks↗2026-03-30

▶

Hackernews

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug↗2026-03-28

▶

Blog

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug↗2026-03-28

▶

Bleepingcomputer

Citrix urges admins to patch NetScaler flaws as soon as possible↗2026-03-25

▶