🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-3055: Citrix NetScaler Out-of-Bounds Read Vulnerability
Summary
Citrix NetScaler contains an out-of-bounds read vulnerability (a memory access bug where software reads past the boundaries of allocated memory) in its SAML IdP component (the SAML identity provider, which authenticates users), potentially exposing sensitive data. The vulnerability is being actively exploited in the wild. It affects multiple NetScaler products, including NetScaler ADC, NetScaler Gateway, and their FIPS and NDcPP variants.
Solution / Mitigation
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Consult the Citrix Security Bulletin (CTX696300) for detailed patching information.
Vulnerability Details
EPSS: 0.0%
Yes
🔥 Actively Exploited
March 29, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-3055
First tracked: March 30, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%