Unrated severity · CISA KEV · NVD Advisory · Published Mar 23, 2026 · Updated Mar 31, 2026
Insufficient input validation leading to memory overread
CVE-2026-3055
Description
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread
Affected products (3)
- NetScaler/Gateway · v5 · Range: 14.1
Patches
Vulnerability mechanics
References (1)
News mentions (9)
- Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service · The Hacker News · Jul 1, 2026
- Citrix patches a new NetScaler flaw with echoes of CitrixBleed · CyberScoop · Jun 30, 2026
- CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451) · watchTowr Labs · Jun 30, 2026
- Metasploit Wrap Up 05/29/2026 · Rapid7 Blog · May 29, 2026
- 30th March – Threat Intelligence Report · Check Point Research · Mar 30, 2026
- Critical Citrix NetScaler Vulnerability Exploited in the Wild · Infosecurity Magazine · Mar 30, 2026
- Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2) · watchTowr Labs · Mar 29, 2026
- The Sequels Are Never As Good, But We're Still In Pain (Citrix NetScaler CVE-2026-3055 Memory Overread) · watchTowr Labs · Mar 28, 2026
- Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities · Infosecurity Magazine · Mar 24, 2026