Critical memory overread vulnerability in NetScaler ADC and Gateway when configured as SAML IDP. Actively exploited in the wild with CISA KEV listing, directly exploitable over the network without authentication.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2026-03-23
Added to CISA KEV: 2026-03-30 (7 days between CVE and KEV)
The CVE-2026-3055 vulnerability affects Citrix NetScaler ADC and NetScaler Gateway, which are often configured as internet-facing authentication devices [1][5].
Evidence of Active Exploitation: By adding CVE-2026-3055 to the KEV catalog, CISA confirms that threat actors are actively leveraging this vulnerability in real-world attacks. While the agency notes that it is currently unknown if the flaw is being utilized in ransomware campaigns, the active exploitation of any edge gateway applia…
In a concerning development for the cybersecurity landscape, a critical vulnerability affecting Citrix NetScaler ADC and Gateway, identified as CVE-2026-3055, has been under active exploitation since March 27, 2026. This flaw, rated with a CVSS score of 9.3, poses significant risks to…
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catal…
Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-3055 weaknesses. EPSS is a daily estimate of the probability of exploitation activity being observed over…
On March 23, 2026, Citrix published a security advisory for a critical vulnerability affecting their NetScaler ADC and NetScaler Gateway ...