
NetScaler ADC and NetScaler Gateway out-of-bounds read security flaw (CVE-2026-3055)

Type: Vulnerability · Happening score: 43 · 2 unique sources, 2 articles

Summary


A critical out-of-bounds read in NetScaler ADC and NetScaler Gateway can let an unauthenticated remote attacker leak sensitive memory contents from affected appliances. CVE-2026-3055 affects specific customer-managed builds configured as a SAML Identity Provider, and the vendor has released fixed versions plus a temporary Global Deny List mitigation. The issue matters because the flaw is rated CVSS 9.3, even though at publication time there was no known in-the-wild exploitation and no public PoC.

Related Happenings

Microsoft Exchange CVE-2026-42897 mitigation advisory

Advisory/Mitigation
First: 15.05.2026 12:40 Last: 15.05.2026 12:40 Sources 1

About this happening: **Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...

Latest development: 15.05.2026 15:35

Microsoft issued temporary mitigation guidance for CVE-2026-42897 while a patch is still in development, recommending the Exchange Emergency Mitigation (EM) Service, which is enabled by default and can be checked with the Exchange Health Checker script, or the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Microsoft noted that the mitigations can disrupt features such as OWA Print Calendar and Inline images, and that servers older than March 2023 cannot receive new mitigations through EM Service.

PAN-OS User-ID Authentication Portal mitigation guidance (CVE-2026-0300)

Advisory/Mitigation
First: 06.05.2026 09:14 Last: 06.05.2026 09:14 Sources 1

About this happening: Palo Alto Networks issued **mitigation guidance** for **CVE-2026-0300** after the **PAN-OS User-ID Authentication Portal** flaw was reported **exploited in the wild**, leaving pub...

CISA KEV order for CVE-2026-3055 on Citrix appliances

Public Sector Action
First: 31.03.2026 10:05 Last: 31.03.2026 10:05 Sources 1

How related: On Monday, CISA added the CVE-2026-3055 vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, ordering Federal Civilian Executive Branch (FCEB) agencies to secure vulnerable Citrix appliances by Thursday, April 2, as mandated by Binding Operational Directive (BOD) 22-01.

About this happening: CISA added **CVE-2026-3055** to the **KEV Catalog** and ordered **FCEB agencies** to secure **Citrix NetScaler** appliances by **Thursday, April 2**, turning an **actively exploit...

Cloud Software Group NetScaler urgent remediation advisory

Advisory/Mitigation
First: 25.03.2026 17:52 Last: 25.03.2026 17:52 Sources 1

How related: "Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible," the company warned in a Monday advisory.

About this happening: **Cloud Software Group** issued urgent remediation guidance for **NetScaler ADC** and **NetScaler Gateway**, telling affected customers to install updated versions as soon as poss...

CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551

Public Sector Action
First: 04.02.2026 07:50 Last: 04.02.2026 07:50 Sources 1

About this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...

Timeline

  1. 24.03.2026 17:15 · 2 articles

    Citrix issues critical NetScaler CVE-2026-3055 bulletin

    Initial Disclosure

    Citrix released a critical security bulletin for NetScaler Application Delivery Controller (ADC) and NetScaler Gateway after identifying CVE-2026-3055, a CVSS v4.0 9.3 out-of-bounds read that could let an unauthenticated remote attacker leak memory contents from customer-managed appliances explicitly configured as a SAML Identity Provider. The company said affected operators should upgrade to 14.1-66.59, 13.1-62.23, or 13.1-37.262 as applicable, and it also released Global Deny List signatures as a temporary mitigation on supported 14.1-60.52 and 14.1-60.57 firmware builds.
