CVE-2026-3055

March 24, 2026, 3:54 p.m.

9.3
Critical

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

Product(s) Impacted

Vendor Product Versions
Citrix
  • Netscaler Adc
  • Netscaler Gateway
  • *
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a citrix netScaler_adc / / / / / / / /
a citrix netScaler_gateway / / / / / / / /

References

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300

Tags

CWE-125
2026-03-23
CVE-2026-3055
50a63c94-1ea7-4568-8c11-eb79e7c5a2b5

CVSS Score

9.3 / 10

CVSS Data - 4.0

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Exploit Maturity: NOT_DEFINED

    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: March 23, 2026, 9:17 p.m.
Last Modified: March 24, 2026, 3:54 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

50a63c94-1ea7-4568-8c11-eb79e7c5a2b5

Linked Attack Reports

March 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-Day

In March 2026, 31 high-impact vulnerabilities were identified requiring prioritization for remediation, with 29 receiving Very Critical Risk Scores. Affected vendors included Cisco, Microsoft, Google, ConnectWise, and others, with Microsoft and Apple accounting for approximately 32% of vulnerabilit…
ransomware
remote code execution
deserialization vulnerability
CVE-2025-32432
CVE-2025-54068
CVE-2025-26399
CVE-2025-53521
CVE-2025-68613
CVE-2026-20963
CVE-2026-27483
CVE-2026-21385
CVE-2021-30952
CVE-2023-41974
plasmagrid
CVE-2026-20131
CVE-2026-27944
CVE-2017-7921
CVE-2026-21262
CVE-2026-25187
CVE-2026-26127
CVE-2026-3909
CVE-2026-3910
CVE-2026-3564
ghostblade
ghostknife
ghostsaber
CVE-2026-33017
CVE-2026-3055
CVE-2026-33634
CVE-2026-33032
2026-04-14
cisco fmc
ios exploit kit
plasmaloader
zero-day exploitation
Published: April 14, 2026
Linked vulnerabilities : CVE-2025-32432 (CVSS 10.0), CVE-2025-54068 (CVSS 9.2), CVE-2025-26399 (CVSS 9.8), CVE-2025-53521 (CVSS 8.7), CVE-2025-68613 (CVSS 9.9), CVE-2026-20963 (CVSS 8.8), CVE-2026-27483 (CVSS 8.8), CVE-2026-21385 (CVSS 7.8), CVE-2023-41974, CVE-2021-30952, CVE-2026-20131 (CVSS 10.0), CVE-2026-27944 (CVSS 9.8), CVE-2017-7921, CVE-2026-21262 (CVSS 8.8), CVE-2026-25187 (CVSS 7.8), CVE-2026-26127 (CVSS 7.5), CVE-2026-3909 (CVSS 8.8), CVE-2026-3910 (CVSS 8.8), CVE-2026-3564 (CVSS 9.0), CVE-2026-33017 (CVSS 9.3), CVE-2026-3055 (CVSS 9.3), CVE-2026-33634 (CVSS 9.4), CVE-2026-33032 (CVSS 9.8)
Downloadable IOCs: 2

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.