{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3055", "assignerOrgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5", "state": "PUBLISHED", "assignerShortName": "NetScaler", "dateReserved": "2026-02-23T18:00:08.900Z", "datePublished": "2026-03-23T20:21:27.107Z", "dateUpdated": "2026-03-31T03:55:32.569Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ADC", "vendor": "NetScaler", "versions": [{"lessThan": "66.59", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "62.23", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "37.262", "status": "affected", "version": "13.1 FIPS and NDcPP", "versionType": "patch"}]}, {"defaultStatus": "unaffected", "product": "Gateway", "vendor": "NetScaler", "versions": [{"lessThan": "66.59", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "62.23", "status": "affected", "version": "13.1", "versionType": "patch"}]}], "datePublic": "2026-03-23T19:20:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insufficient input validation in&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">NetScaler ADC and NetScaler Gateway when<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;configured as a SAML IDP&nbsp;</span>leading to<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;memory overread</span></span><br>"}], "value": "Insufficient input validation in\u00a0NetScaler ADC and NetScaler Gateway when\u00a0configured as a SAML IDP\u00a0leading to\u00a0memory overread"}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5", "shortName": "NetScaler", "dateUpdated": "2026-03-23T20:21:27.107Z"}, "references": [{"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300"}], "source": {"discovery": "UNKNOWN"}, "title": "Insufficient input validation leading to memory overread", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"references": [{"url": "https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/", "tags": ["third-party-advisory"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3055", "tags": ["government-resource"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T00:00:00+00:00", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-3055"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2026-03-30", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3055"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T03:55:32.569Z"}, "timeline": [{"time": "2026-03-30T00:00:00.000Z", "lang": "en", "value": "CVE-2026-3055 added to CISA KEV"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3055", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-30T19:02:41.930653Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2026-03-30", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3055"}}}], "references": [{"url": "https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/", "tags": ["third-party-advisory"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3055", "tags": ["government-resource"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T20:38:42.481Z"}, "timeline": [{"lang": "en", "time": "2026-03-30T00:00:00.000Z", "value": "CVE-2026-3055 added to CISA KEV"}]}], "cna": {"title": "Insufficient input validation leading to memory overread", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NetScaler", "product": "ADC", "versions": [{"status": "affected", "version": "14.1", "lessThan": "66.59", "versionType": "patch"}, {"status": "affected", "version": "13.1", "lessThan": "62.23", "versionType": "patch"}, {"status": "affected", "version": "13.1 FIPS and NDcPP", "lessThan": "37.262", "versionType": "patch"}], "defaultStatus": "unaffected"}, {"vendor": "NetScaler", "product": "Gateway", "versions": [{"status": "affected", "version": "14.1", "lessThan": "66.59", "versionType": "patch"}, {"status": "affected", "version": "13.1", "lessThan": "62.23", "versionType": "patch"}], "defaultStatus": "unaffected"}], "datePublic": "2026-03-23T19:20:00.000Z", "references": [{"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Insufficient input validation in\u00a0NetScaler ADC and NetScaler Gateway when\u00a0configured as a SAML IDP\u00a0leading to\u00a0memory overread", "supportingMedia": [{"type": "text/html", "value": "Insufficient input validation in&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">NetScaler ADC and NetScaler Gateway when<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;configured as a SAML IDP&nbsp;</span>leading to<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;memory overread</span></span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5", "shortName": "NetScaler", "dateUpdated": "2026-03-23T20:21:27.107Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3055", "state": "PUBLISHED", "dateUpdated": "2026-03-30T22:20:23.749Z", "dateReserved": "2026-02-23T18:00:08.900Z", "assignerOrgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5", "datePublished": "2026-03-23T20:21:27.107Z", "assignerShortName": "NetScaler"}, "dataVersion": "5.2"}

{"cisaActionDue": "2026-04-02", "cisaExploitAdd": "2026-03-30", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Citrix NetScaler Out-of-Bounds Read Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", "matchCriteriaId": "453E034F-91B1-48E0-A0C2-4DE99EA221DB", "versionEndExcluding": "13.1-37.262", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*", "matchCriteriaId": "5C536886-5796-4FB4-BB94-BE34DE32339A", "versionEndExcluding": "13.1-37.262", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "E2DFB77E-B610-4FAC-84EB-CAB9D68F16F4", "versionEndExcluding": "13.1-62.23", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", "matchCriteriaId": "F1145E85-5AEC-4584-A385-1DAA2084CD9F", "versionEndExcluding": "14.1-60.58", "versionStartIncluding": "14.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "46A54BC1-9EA0-4F74-81D1-48FB04AE4479", "versionEndExcluding": "13.1-62.23", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEA94A98-44D9-4A3A-8713-7A4963CD820B", "versionEndExcluding": "14.1-60.58", "versionStartIncluding": "14.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient input validation in\u00a0NetScaler ADC and NetScaler Gateway when\u00a0configured as a SAML IDP\u00a0leading to\u00a0memory overread"}, {"lang": "es", "value": "Validaci\u00f3n de entrada insuficiente en NetScaler ADC y NetScaler Gateway cuando se configura como un IDP SAML, lo que lleva a una sobrelectura de memoria."}], "id": "CVE-2026-3055", "lastModified": "2026-03-31T13:18:14.213", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5", "type": "Secondary"}]}, "published": "2026-03-23T21:17:17.477", "references": [{"source": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3055"}], "sourceIdentifier": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[14.1,66.59)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[13.1,62.23)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[13.1 FIPS and NDcPP,37.262)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ADC", "source": "cna", "vendor": "NetScaler"}, "product": "adc", "vendor": "netscaler"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[14.1,66.59)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[13.1,62.23)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Gateway", "source": "cna", "vendor": "NetScaler"}, "product": "gateway", "vendor": "netscaler"}], "analysis": {"en": {"generated_at": "2026-03-31T15:06:07.257615+00:00", "value": {"mitigation_remediation": ["Apply the latest security update for Citrix NetScaler ADC and NetScaler Gateway as released by Citrix.", "If a patch is not yet available, disable or restrict external access to the SAML IDP functionality on the affected appliances.", "Monitor system logs for anomalous memory access patterns or repeated authentication failures and investigate any suspicious activity."], "summary": {"action": "Immediate Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway are affected. The vulnerability manifests only when these appliances are configured as SAML IDPs. Version information is not provided, so all builds supporting the SAML IDP configuration path are potentially vulnerable.", "description_and_impact": "Insufficient input validation in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway when configured as a SAML Identity Provider allows attackers to trigger a memory overread. The flaw can expose raw memory contents or other sensitive information when crafted requests are sent to the appliance. The weakness is classified as CWE-125: Out\u2011of\u2011Bounds Read. The description does not explicitly state that code execution is possible, so the primary risk is data disclosure.", "risk_and_exploitability": "The CVSS score of 9.3 indicates high severity, and the EPSS score of 37% suggests a moderate to high likelihood of exploitation. The vulnerability is listed in CISA\u2019s Known Exploited Vulnerabilities catalog, meaning that exploits are observed or reported. The attack vector is inferred to be remote over the network, requiring the ability to send crafted SAML requests to the appliance. No local or physical prerequisites are indicated in the description."}}}}, "created": "2026-03-24T10:32:55.796124+00:00", "updated": "2026-03-31T20:09:23.907511+00:00", "vendors": ["netscaler", "netscaler$PRODUCT$adc", "netscaler$PRODUCT$gateway"]}