CVE-2026-3055 - Vulnerability Details

- Insufficient input validation leading to memory overread

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

Published: 2026-03-23

Score: 9.3 Critical

EPSS: 55.7% High

KEV: Yes

Impact:

Action:

Analysis

Impact

Insufficient input validation in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway when configured as a SAML Identity Provider allows attackers to trigger a memory overread. The flaw can expose raw memory contents or other sensitive information when crafted requests are sent to the appliance. The weakness is classified as CWE-125: Out‑of‑Bounds Read. The description does not explicitly state that code execution is possible, so the primary risk is data disclosure.

Affected Systems

Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway are affected. The vulnerability manifests only when these appliances are configured as SAML IDPs. Version information is not provided, so all builds supporting the SAML IDP configuration path are potentially vulnerable.

Risk and Exploitability

The CVSS score of 9.3 indicates high severity, and the EPSS score of 37% suggests a moderate to high likelihood of exploitation. The vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, meaning that exploits are observed or reported. The attack vector is inferred to be remote over the network, requiring the ability to send crafted SAML requests to the appliance. No local or physical prerequisites are indicated in the description.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

NetScaler

ADC

unaffected

Version	Status	Constraints
`14.1`	affected	< 66.59
`13.1`	affected	< 62.23
`13.1 FIPS and NDcPP`	affected	< 37.262

NetScaler

Gateway

unaffected

Version	Status	Constraints
`14.1`	affected	< 66.59
`13.1`	affected	< 62.23

Configuration 1 [-]

OR	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::fips:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::ndcpp:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::*

Configuration 2 [-]

OR	cpe:2.3:a:citrix:netscaler_gateway::::::::
	cpe:2.3:a:citrix:netscaler_gateway::::::::

No data.

Vendor Product Confidence Versions

Netscaler

Adc

100%

Version	Status	Scheme	Platform
`[14.1,66.59)`	affected	generic	—
`[13.1,62.23)`	affected	generic	—
`[13.1 FIPS and NDcPP,37.262)`	affected	generic	—

Netscaler

Gateway

100%

Version	Status	Scheme	Platform
`[14.1,66.59)`	affected	generic	—
`[13.1,62.23)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest security update for Citrix NetScaler ADC and NetScaler Gateway as released by Citrix.
If a patch is not yet available, disable or restrict external access to the SAML IDP functionality on the affected appliances.
Monitor system logs for anomalous memory access patterns or repeated authentication failures and investigate any suspicious activity.

Generated by OpenCVE AI on March 31, 2026 at 15:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since March 30, 2026.

The EPSS score is 0.55708.

Exploitation active

Automatable yes

Technical Impact total

References

Link	Providers
https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3055

History

Tue, 31 Mar 2026 13:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Citrix Citrix netscaler Application Delivery Controller Citrix netscaler Gateway
CPEs		cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::-:::* cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::fips:::* cpe:2.3:a:citrix:netscaler_application_delivery_controller:::::ndcpp:::* cpe:2.3:a:citrix:netscaler_gateway::::::::
Vendors & Products		Citrix Citrix netscaler Application Delivery Controller Citrix netscaler Gateway
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Mon, 30 Mar 2026 19:15:00 +0000

Type	Values Removed	Values Added
References		https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3055
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	kev `{'dateAdded': '2026-03-30T00:00:00+00:00', 'dueDate': '2026-04-02T00:00:00+00:00'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 24 Mar 2026 10:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Netscaler Netscaler adc Netscaler gateway
Vendors & Products		Netscaler Netscaler adc Netscaler gateway

Tue, 24 Mar 2026 02:30:00 +0000

Type	Values Removed	Values Added
Description		Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread
Title		Insufficient input validation leading to memory overread
Weaknesses		CWE-125
References		https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300
Metrics		cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Citrix Netscaler Application Delivery Controller Netscaler Gateway

Netscaler Adc Gateway

MITRE

Status: PUBLISHED

Assigner: NetScaler

Published: 2026-03-23T20:21:27.107Z

Updated: 2026-03-31T03:55:32.569Z

Reserved: 2026-02-23T18:00:08.900Z

Link: CVE-2026-3055

Vulnrichment

Updated: 2026-03-23T20:38:42.481Z

NVD

Status : Analyzed

Published: 2026-03-23T21:17:17.477

Modified: 2026-03-31T13:18:14.213

Link: CVE-2026-3055

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:09:23Z

Weaknesses

CWE-125

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation active

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object