Skip to main content

Citrix CVE-2026-3055

| EUVDEUVD-2026-14546 CRITICAL
Out-of-bounds Read (CWE-125)
2026-03-23 NetScaler GHSA-wv7p-q4p2-p6pf
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

9
Analysis Updated
Apr 16, 2026 - 05:49 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
66.59,37.262,62.23
Added to CISA KEV
Mar 31, 2026 - 13:18 cisa
CISA KEV
PoC Detected
Mar 31, 2026 - 13:18 vuln.today
Public exploit code
Started Trending
Mar 31, 2026 - 11:23 vuln.today
6.7
EUVD ID Assigned
Mar 23, 2026 - 20:30 euvd
EUVD-2026-14546
Analysis Generated
Mar 23, 2026 - 20:30 vuln.today
CVE Published
Mar 23, 2026 - 20:21 nvd
CRITICAL 9.3

DescriptionCVE.org

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

AnalysisAI

An insufficient input validation vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway when configured as a SAML Identity Provider, allowing attackers to trigger a memory overread condition. The vulnerability affects both the NetScaler ADC and NetScaler Gateway products across multiple versions, and successful exploitation could lead to information disclosure by reading adjacent memory contents. While no CVSS score or EPSS data is currently published, the CWE-125 classification (Out-of-bounds Read) combined with the SAML IDP configuration context suggests moderate to high real-world risk for organizations relying on these devices for identity management.

Technical ContextAI

The vulnerability resides in the SAML Identity Provider functionality of NetScaler products. SAML (Security Assertion Markup Language) is an XML-based standard for single sign-on and federation. When NetScaler ADC or Gateway is configured as a SAML IDP, it processes SAML authentication requests and generates assertions. The root cause, classified under CWE-125 (Out-of-bounds Read), indicates that the affected code fails to properly validate the length or bounds of user-supplied input before using it in a memory read operation. This could occur during parsing of SAML request parameters, metadata fields, or assertion elements. Attackers can craft malformed SAML requests to cause the parser to read beyond allocated buffer boundaries, exposing adjacent memory regions that may contain sensitive data such as session tokens, cryptographic keys, or other authentication secrets. The CPE identifiers cpe:2.3:a:netscaler:adc:*:*:*:*:*:*:*:* and cpe:2.3:a:netscaler:gateway:*:*:*:*:*:*:*:* indicate that all versions of both products are potentially affected.

RemediationAI

Organizations should immediately consult Citrix KB article CTX696300 (https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300) to obtain patched versions when they become available and apply updates according to Citrix's guidance. Until patches are deployed, implement the following interim mitigations: restrict network access to NetScaler SAML endpoints to only trusted identity providers and relying parties using firewall rules or network segmentation; disable SAML IDP functionality if not actively required; implement network monitoring and rate limiting on SAML endpoints to detect anomalous request patterns; review SAML request logs for malformed or oversized inputs; and consider placing NetScaler instances behind additional authentication or inspection layers. Organizations with critical dependencies on SAML authentication should prioritize patching once available and consider staging updates in test environments first given the sensitivity of identity infrastructure.

More in Citrix

View all
CVE-2017-6316 CRITICAL POC
9.8 Jul 20

Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as r

CVE-2025-5777 HIGH POC
7.5 Jun 17

Citrix NetScaler ADC and Gateway contain an input validation vulnerability (CVE-2025-5777, CVSS 7.5) leading to memory o

CVE-2012-0217 HIGH POC
7.2 Jun 12

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and

CVE-2017-17382 MEDIUM POC
5.9 Dec 13

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build

CVE-2025-6543 CRITICAL POC
9.8 Jun 25

Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability (CVE-2025-6543, CVSS 9.8) leading to unintended

CVE-2015-2682 MEDIUM POC
5.0 Mar 26

Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via

CVE-2026-8451 HIGH POC
8.8 Jun 30

Memory overread in Citrix NetScaler ADC and NetScaler Gateway lets remote attackers read out-of-bounds memory when the a

CVE-2019-12990 CRITICAL POC
9.8 Jul 16

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. Rated critical s

CVE-2019-12989 CRITICAL POC
9.8 Jul 16

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. Rated critical severit

CVE-2019-12988 CRITICAL POC
9.8 Jul 16

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of

CVE-2019-12987 CRITICAL POC
9.8 Jul 16

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of

CVE-2019-12986 CRITICAL POC
9.8 Jul 16

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of

Share

CVE-2026-3055 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy