CISA KEV order for CVE-2026-3055 on Citrix appliances
Public Sector Action
Summary
Hide ▲
Show ▼
CISA added CVE-2026-3055 to the KEV Catalog and ordered FCEB agencies to secure Citrix NetScaler appliances by Thursday, April 2, turning an actively exploited flaw into a federal remediation deadline. The directive falls under BOD 22-01 and applies to vulnerable Citrix ADC and Citrix Gateway deployments. CISA also urged other defenders to patch quickly or stop using the product if mitigations are unavailable.
Related Happenings
CISA orders FCEB patching for CVE-2026-9082
Public Sector Action
First: 26.05.2026 11:46
Last: 26.05.2026 11:46
Sources 1
About this happening:
**CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...
CISA orders FCEB patching for CVE-2026-9082
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...
Microsoft Exchange CVE-2026-42897 mitigation advisory
Advisory/Mitigation
First: 15.05.2026 12:40
Last: 15.05.2026 12:40
Sources 1
About this happening:
**Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...
Microsoft Exchange CVE-2026-42897 mitigation advisory
Advisory/MitigationAbout this happening: **Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...
Latest development: 15.05.2026 15:35
Microsoft issued temporary mitigation guidance for CVE-2026-42897 while a patch is still in development, recommending the Exchange Emergency Mitigation (EM) Service, which is enabled by default and can be checked with the Exchange Health Checker script, or the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Microsoft noted that the mitigations can disrupt features such as OWA Print Calendar and Inline images, and that servers older than March 2023 cannot receive new mitigations through EM Service.
Windows Netlogon stack-based buffer overflow security flaw (CVE-2026-41089)
Vulnerability
First: 13.05.2026 11:15
Last: 13.05.2026 11:15
Sources 1
About this happening:
Microsoft’s **May Patch Tuesday** fixed **CVE-2026-41089**, a **critical** stack-based buffer overflow in **Windows Netlogon** that could let attackers gain **system privileges**...
Windows Netlogon stack-based buffer overflow security flaw (CVE-2026-41089)
VulnerabilityAbout this happening: Microsoft’s **May Patch Tuesday** fixed **CVE-2026-41089**, a **critical** stack-based buffer overflow in **Windows Netlogon** that could let attackers gain **system privileges**...
CISA emergency patch deadline for Ivanti EPMM
Public Sector Action
First: 08.05.2026 15:16
Last: 08.05.2026 15:16
Sources 1
About this happening:
CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....
CISA emergency patch deadline for Ivanti EPMM
Public Sector ActionAbout this happening: CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....
CISA KEV order for Copy Fail on federal Linux devices
Public Sector Action
First: 08.05.2026 10:45
Last: 08.05.2026 10:45
Sources 1
About this happening:
**CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...
CISA KEV order for Copy Fail on federal Linux devices
Public Sector ActionAbout this happening: **CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...
Timeline
-
31.03.2026 10:05 1 articles · 1mo ago
Citrix releases patches for CVE-2026-3055
Initial DisclosureCitrix released security updates for CVE-2026-3055 after multiple cybersecurity companies warned that the flaw resembled CitrixBleed and CitrixBleed2 and could let unauthenticated remote attackers steal sensitive information from Citrix ADC or Citrix Gateway appliances configured as SAML identity providers.
Show sources
- CISA orders feds to patch actively exploited Citrix flaw by Thursday — www.bleepingcomputer.com — 31.03.2026 10:05
-
31.03.2026 10:05 2 articles · 1mo ago
CISA adds CVE-2026-3055 to the KEV Catalog
Legal Policy Action UpdateCISA added CVE-2026-3055 to the Known Exploited Vulnerabilities Catalog and ordered Federal Civilian Executive Branch agencies to secure vulnerable Citrix appliances by Thursday, April 2 under Binding Operational Directive 22-01, while urging other defenders to patch quickly or discontinue use if mitigations are unavailable.
Show sources
- CISA orders feds to patch actively exploited Citrix flaw by Thursday — www.bleepingcomputer.com — 31.03.2026 10:05
- CISA orders feds to patch actively exploited Citrix flaw by Thursday — www.bleepingcomputer.com — 31.03.2026 10:05
-
31.03.2026 10:05 1 articles · 1mo ago
Watchtowr and Shadowserver report exploitation and exposure
Detection Ioc UpdateWatchtowr said CVE-2026-3055 was already being abused in the wild days after Citrix issued patches, warning that attackers can steal admin authentication session IDs and potentially take over unpatched NetScaler appliances; Shadowserver also tracked nearly 30,000 NetScaler ADC appliances and over 2,300 Gateway instances exposed online, while Citrix had not confirmed ongoing attacks.
Show sources
- CISA orders feds to patch actively exploited Citrix flaw by Thursday — www.bleepingcomputer.com — 31.03.2026 10:05