CVE-2026-3055
Citrix NetScaler Out-of-Bounds Read Vulnerability
CVSS
—
No CVSS
EPSS
84.0%
p100
KEV
YES
Mar 30, 2026
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Citrix / NetScaler
Vulnerability
Citrix NetScaler Out-of-Bounds Read Vulnerability
Added to KEV
Mar 30, 2026
Remediate by
Apr 2, 2026
Known ransomware use
No
Summary description
Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds reads vulnerability when configured as a SAML IDP leading to memory overread.
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300&articleURL=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2026_3055_and_CVE_2026_4368 ; https://nvd.nist.gov/vuln/detail/CVE-2026-3055