Insufficient Input Validation in NetScaler ADC and Gateway by Citrix
CVE-2026-3055

CVSS v4 score: 9.3 (Critical)

Key Information:

Vendor: NetScaler (Citrix)

CVE Published: 23 March 2026

Badges

Trended No. 1 | Trended | Score: 10,700 | Exploit Exists | Public PoC | EPSS 43% | CISA Reported | News Worthy

What is CVE-2026-3055?

CVE-2026-3055 is a vulnerability in Citrix NetScaler ADC and NetScaler Gateway that is reachable when the appliance is configured as a Security Assertion Markup Language (SAML) Identity Provider (IdP). The root cause is insufficient input validation, which leads to a memory overread: an attacker who supplies crafted input can cause the appliance to read, and return, memory beyond the intended buffer, disclosing data it should never send. Because these appliances terminate and authenticate user sessions, the memory they expose may hold sensitive configuration data or credentials, so a successful exploit can compromise an organization’s security posture well beyond the single request that triggered it.

Potential Impact of CVE-2026-3055

  1. Data Exposure: The primary risk is that sensitive data is read out of process memory. This could include session or access tokens, user credentials, or other material an attacker can reuse in follow-on attacks.

  2. Unauthorized Access: Tokens or credentials recovered from memory could let an attacker authenticate as a legitimate user or administrator, and that foothold could then be used for data manipulation or to install further malicious software.

  3. Increased Attack Surface: Organizations that expose NetScaler as a SAML IdP present the vulnerable code path to anyone who can reach the appliance, and because every service that trusts the IdP's assertions depends on it, a single exploit can cascade into multiple security failures. Applying the vendor's fixed builds promptly is therefore essential.

CISA has reported CVE-2026-3055

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2026-3055 as being exploited, but it is not known to CISA to be used in ransomware campaigns. This status can change quickly.

CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

ADC 14.1 < 66.59

ADC 13.1 < 62.23

ADC 13.1 FIPS and NDcPP < 37.262
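To turn the affected-version table above into a check that can be run against an inventory of appliances, the following Python is an added example and is not code from this page or from Citrix. It assumes that `show ns version` prints a line of the form `NetScaler NS14.1: Build 66.59.nc, ...`, that a SAML IdP role appears in `ns.conf` as an `add authentication samlIdPProfile` line, and that the caller knows whether an appliance runs the 13.1 FIPS/NDcPP train (the `fips` flag is not parsed from the version string). All three are assumptions drawn from NetScaler CLI conventions, and the sample inputs in the block are constructed for illustration; the fixed builds themselves are the ones listed above.

```python
"""Version and exposure check for CVE-2026-3055 (added example, not Citrix tooling).

Fixed builds come from the affected-version list on this page. The version
string format and the ns.conf command name are assumptions based on NetScaler
CLI conventions; confirm them against your own appliances.
"""
import re
from typing import Optional, Tuple

# Earliest fixed build per release train, keyed by (release, is_fips_train).
# Source: the affected-version list on this page.
FIXED_BUILDS = {
    ("14.1", False): (66, 59),
    ("13.1", False): (62, 23),
    ("13.1", True): (37, 262),   # 13.1 FIPS / NDcPP train
}

# Assumed 'show ns version' line, e.g. "NetScaler NS14.1: Build 66.59.nc, Date: ..."
VERSION_RE = re.compile(r"NetScaler\s+NS(\d+\.\d+):\s+Build\s+(\d+)\.(\d+)")


def parse_version(show_ns_version_output: str) -> Optional[Tuple[str, Tuple[int, int]]]:
    """Return (release, (build_major, build_minor)) or None if the text does not match."""
    m = VERSION_RE.search(show_ns_version_output)
    if not m:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def is_saml_idp(ns_conf: str) -> bool:
    """True if the running config defines a SAML IdP profile.

    Assumption: the role is configured with 'add authentication samlIdPProfile'.
    Matched case-insensitively at the start of a line, leading whitespace allowed.
    """
    return re.search(r"^\s*add authentication samlIdPProfile\b",
                     ns_conf, re.IGNORECASE | re.MULTILINE) is not None


def assess(show_ns_version_output: str, ns_conf: str, fips: bool = False) -> str:
    """Classify one appliance as 'patched', 'vulnerable', 'unexposed' or 'unknown'.

    'unexposed' means the build is below the fix but no SAML IdP profile is
    configured, so the vulnerable code path described on this page is not
    reachable. 'unknown' means the version could not be parsed or the release
    train is not in the table above; treat it as needing manual review.
    """
    parsed = parse_version(show_ns_version_output)
    if parsed is None:
        return "unknown"
    release, build = parsed
    fixed = FIXED_BUILDS.get((release, fips))
    if fixed is None:
        return "unknown"
    if build >= fixed:          # tuple comparison: major first, then minor
        return "patched"
    return "vulnerable" if is_saml_idp(ns_conf) else "unexposed"


if __name__ == "__main__":
    # Constructed sample inputs (not captured from a real appliance).
    idp_conf = "add authentication samlIdPProfile corp-idp -samlIdPCertName idpcert\n"
    sp_only_conf = "add authentication samlAction okta-sp -samlIdPCertName okta\n"
    samples = [
        ("NetScaler NS14.1: Build 66.59.nc, Date: Mar 1 2026", idp_conf, False),
        ("NetScaler NS14.1: Build 65.20.nc, Date: Dec 1 2025", idp_conf, False),
        ("NetScaler NS14.1: Build 65.20.nc, Date: Dec 1 2025", sp_only_conf, False),
        ("NetScaler NS13.1: Build 37.200.nc, Date: Nov 1 2025", idp_conf, True),
        ("NetScaler NS13.0: Build 92.19.nc, Date: Jan 1 2024", idp_conf, False),
    ]
    for version_line, conf, is_fips in samples:
        print(f"{version_line.split(',')[0]:<38} fips={is_fips!s:<5} -> {assess(version_line, conf, is_fips)}")
```

A build that the script reports as `unexposed` is still below the fixed build and should be scheduled for patching; the label only records that the SAML IdP condition stated on this page is not currently met. Release trains absent from the table (for example 13.0 in the constructed samples) come back `unknown` rather than `patched`, so nothing is silently marked safe on the basis of this page alone.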

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

CVE-2026-3055 targets Citrix NetScaler with active reconnaissance, risking data leaks on SAML IDP setups.

3 weeks ago

EPSS Score

43% chance of being exploited in the next 30 days.

CVSS V4

Score: 9.3
Severity: Critical
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Public PoC available

  • First article discovered by The Hacker News

  • Exploit known to exist

  • CISA Reported

  • Vulnerability reached the number 1 worldwide trending spot

  • Vulnerability started trending

  • Vulnerability published

  • Vulnerability Reserved