CVE-2026-3055

CVE Database · CVE-2026-3055

CVE-2026-3055

· CRITICALAnalyzed

CVSS v3.1

9.8

CVSS v4.0

9.3

EPSS

84.00%

Published

Mar 23, 2026

Modified

Mar 31, 2026

CISA Known Exploited Vulnerability

Added: 2026-03-30 · Due: 2026-04-02

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (1)

All weaponized →

NucleiNuclei detection template

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-125

Affected Products (6)

citrix · netscaler_application_delivery_controller (up to 13.1-37.262)vulnerable

citrix · netscaler_application_delivery_controller (up to 13.1-62.23)vulnerable

citrix · netscaler_application_delivery_controller (up to 14.1-60.58)vulnerable

citrix · netscaler_gateway (up to 13.1-62.23)vulnerable

citrix · netscaler_gateway (up to 14.1-60.58)vulnerable

References (3)

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300

Vendor Advisory

https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/

ExploitThird Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3055

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs