Find notable cyber news and cases, enriched with sources, timelines, and signals.

NetScaler ADC and NetScaler Gateway out-of-bounds read security flaw (CVE-2026-3055)

Vulnerability
First reported
Last updated
Happening score
H score 38
2 unique sources, 2 articles

Summary

Hide ▲

A critical out-of-bounds read in NetScaler ADC and NetScaler Gateway can let an unauthenticated remote attacker leak sensitive memory contents from affected appliances. CVE-2026-3055 affects specific customer-managed builds configured as a SAML Identity Provider, and the vendor has released fixed versions plus a temporary Global Deny List mitigation. The issue matters because the flaw is rated CVSS 9.3 even though there is no known in-the-wild exploitation and no public PoC at publication time.

Related Happenings

NetScaler ADC/Gateway arbitrary file read security flaw (CVE-2026-10816)

Vulnerability
H score30 First: 01.07.2026 06:54 Last: 01.07.2026 06:54 Sources 1

About this happening: Citrix's **NetScaler ADC** and **NetScaler Gateway** now have **CVE-2026-10816**, a **7.7** flaw that can expose files through **unauthenticated arbitrary file read** when managem...

SolarWinds Serv-U advisory and mitigations for CVE-2026-28318

Advisory/Mitigation
H score52 First: 06.06.2026 11:14 Last: 06.06.2026 11:14 Sources 1

About this happening: **SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...

Microsoft Exchange CVE-2026-42897 mitigation advisory

Advisory/Mitigation
H score44 First: 15.05.2026 12:40 Last: 15.05.2026 12:40 Sources 1

About this happening: **Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...

Latest development: 15.05.2026 15:35

Microsoft issued temporary mitigation guidance for CVE-2026-42897 while a patch is still in development, recommending the Exchange Emergency Mitigation (EM) Service, which is enabled by default and can be checked with the Exchange Health Checker script, or the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Microsoft noted that the mitigations can disrupt features such as OWA Print Calendar and Inline images, and that servers older than March 2023 cannot receive new mitigations through EM Service.

PAN-OS User-ID Authentication Portal mitigation guidance (CVE-2026-0300)

Advisory/Mitigation
H score77 First: 06.05.2026 09:14 Last: 06.05.2026 09:14 Sources 1

About this happening: Palo Alto Networks issued **mitigation guidance** for **CVE-2026-0300** after the **PAN-OS User-ID Authentication Portal** flaw was reported **exploited in the wild**, leaving pub...

CISA KEV order for CVE-2026-3055 on Citrix appliances

Public Sector Action
H score34 First: 31.03.2026 10:05 Last: 31.03.2026 10:05 Sources 1

How related: On Monday, CISA added the CVE-2026-3055 vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, ordering Federal Civilian Executive Branch (FCEB) agencies to secure vulnerable Citrix appliances by Thursday, April 2, as mandated by Binding Operational Directive (BOD) 22-01.

About this happening: CISA added **CVE-2026-3055** to the **KEV Catalog** and ordered **FCEB agencies** to secure **Citrix NetScaler** appliances by **Thursday, April 2**, turning an **actively exploit...

Timeline

  1. 24.03.2026 17:15 2 articles · 3mo ago

    Citrix issues critical NetScaler CVE-2026-3055 bulletin

    Initial Disclosure

    Citrix released a critical security bulletin for NetScaler Application Delivery Controller (ADC) and NetScaler Gateway after identifying CVE-2026-3055, a CVSS v4.0 9.3 out-of-bounds read that could let an unauthenticated remote attacker leak memory contents from customer-managed appliances explicitly configured as a SAML Identity Provider. The company said affected operators should upgrade to 14.1-66.59, 13.1-62.23, or 13.1-37.262 as applicable, and it also released Global Deny List signatures as a temporary mitigation on supported 14.1-60.52 and 14.1-60.57 firmware builds.

    Show sources