Cyber Posture

CVE-2026-3055

Tags: Critical · CISA KEV · Active Exploitation · Public PoC

Published: 23 March 2026
Modified: 31 March 2026
KEV Added: 30 March 2026
Patch: see vendor advisory CTX696300 (below)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.8002 (99.1st percentile)
Risk Priority: 88 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-3055 is a critical-severity Out-of-bounds Read (CWE-125) vulnerability in Citrix Netscaler Application Delivery Controller. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 0.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Directly enforces comprehensive input validation to prevent memory overreads from malformed SAML inputs in NetScaler ADC/Gateway.

SI-16 Memory Protection (prevent)
Implements safeguards that protect system memory from unauthorized access, directly mitigating the memory overread.

SI-2 Flaw Remediation (prevent)
Requires identification, reporting, and correction of flaws such as this CVE through timely patching per the vendor advisory.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a remotely exploitable flaw in a public-facing NetScaler ADC/Gateway SAML IDP with no privileges required, directly enabling T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

Deeper analysis

CVE-2026-3055 is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) stemming from insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML Identity Provider (IDP), leading to a memory overread classified under CWE-125. Published on 2026-03-23, it affects those Citrix components only when they operate in the SAML IDP configuration.

The vulnerability is remotely exploitable with low attack complexity and requires no privileges, user interaction, or special conditions. Exploitation carries high impact to confidentiality, integrity, and availability: an attacker can read sensitive memory contents and disrupt system operation.

Mitigation details are outlined in the official Citrix advisory at CTX696300. Further technical analysis appears in Watchtower Labs' coverage, and the vulnerability is included in CISA's Known Exploited Vulnerabilities catalog.

Details

CWE(s): CWE-125 (Out-of-bounds Read)
KEV Date Added: 30 March 2026

Affected Products

Citrix NetScaler Application Delivery Controller
- 13.1 — 13.1-37.262
- 13.1 — 13.1-62.23

Citrix NetScaler Gateway
- 13.1 — 13.1-62.23
- 14.1 — 14.1-60.58

CVEs Like This One

- CVE-2025-7775 · Same product: Citrix NetScaler Application Delivery Controller · both on KEV
- CVE-2025-7776 · Same product: Citrix NetScaler Application Delivery Controller
- CVE-2025-0282 · Same product class: VPN / SSL gateway · both on KEV
- CVE-2026-24858 · Same product class: VPN / SSL gateway · both on KEV
- CVE-2024-55591 · Same product class: VPN / SSL gateway · both on KEV
- CVE-2025-24472 · Same product class: VPN / SSL gateway · both on KEV
- CVE-2025-0111 · Same product class: VPN / SSL gateway · both on KEV
- CVE-2025-59718 · Same product class: VPN / SSL gateway · both on KEV
- CVE-2025-0108 · Same product class: VPN / SSL gateway · both on KEV
- CVE-2024-46670 · Same product class: VPN / SSL gateway