VulnerabilityALERT High

CVE-2026-3055: Citrix NetScaler Out-of-Bounds Read Vulnerability

Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds reads vulnerability when configured as a SAML IDP leading to memory overread.

Impact

CISA lists CVE-2026-3055 as known exploited in the wild for Citrix NetScaler. Ransomware campaign use: Unknown. Federal remediation due date: 2026-04-02.

Recommended Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Published: 3/30/2026, 12:00:00 AMSource: CISA Known Exploited Vulnerabilities CatalogTags: CVE-2026-3055, Citrix, NetScaler, CISA KEV, CWE-125