Citrix NetScaler CVE-2026-3055 Out-of-Bounds Read Under Active Exploitation
Summary
Citrix NetScaler ADC and Gateway are under active exploitation via CVE-2026-3055, an out-of-bounds read vulnerability that leaks sensitive memory when the appliance is configured as a SAML Identity Provider (IdP). CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on March 30, 2026.
Threat Analysis
CVE-2026-3055 is an out-of-bounds read (CWE-125) in Citrix NetScaler ADC and Gateway. Active exploitation has been observed against internet-facing appliances.
Affected Products: Citrix NetScaler ADC and NetScaler Gateway, all versions prior to the patched release. The flaw is particularly dangerous when the appliance is configured as a SAML IdP.
Exploitation Status: Active reconnaissance and exploitation. Attackers are extracting authentication tokens and credentials from memory.
Recommended Mitigations: (1) Apply Citrix security updates immediately. (2) Restrict management interface access. (3) Review SAML IdP configurations. (4) Monitor logs for unusual authentication patterns.
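For mitigation (3), one way to check whether a saved NetScaler configuration defines a SAML IdP and which virtual servers actually serve it. This is an added example, not Citrix tooling and not part of the original advisory. It assumes the NetScaler CLI forms `add authentication samlIdPProfile`, `add authentication samlIdPPolicy` and `bind ... vserver ... -policy`; the sample configuration and all names in it are constructed.

```python
import shlex

# Constructed ns.conf excerpt for illustration (not taken from a real appliance).
SAMPLE_NS_CONF = r'''
add authentication vserver aaa_vs1 SSL 203.0.113.10 443
add authentication vserver aaa_vs2 SSL 203.0.113.11 443
add authentication samlIdPProfile idp_prof1 -samlIssuerName "idp.example.test"
add authentication samlIdPPolicy idp_pol1 -rule true -action idp_prof1
add authentication samlIdPPolicy idp_pol_unused -rule true -action idp_prof1
add authentication ldapPolicy ldap_pol1 ns_true ldap_act1
bind authentication vserver aaa_vs1 -policy idp_pol1 -priority 100
bind authentication vserver aaa_vs2 -policy ldap_pol1 -priority 100
'''

def _opt(tokens, name):
    """Return the token following option `name` (case-insensitive), else None."""
    lowered = [t.lower() for t in tokens]
    if name in lowered and lowered.index(name) + 1 < len(tokens):
        return tokens[lowered.index(name) + 1]
    return None

def find_saml_idp(conf_text):
    """Report SAML IdP profiles, the vservers serving them, and unbound policies."""
    profiles, policies, bindings = set(), {}, {}
    for raw in conf_text.splitlines():
        try:
            tok = shlex.split(raw)
        except ValueError:  # unbalanced quote: skip the line rather than abort
            continue
        if len(tok) < 4:
            continue
        verb, kind, name = tok[0].lower(), tok[2].lower(), tok[3]
        if verb == "add" and kind == "samlidpprofile":
            profiles.add(name)
        elif verb == "add" and kind == "samlidppolicy":
            policies[name] = _opt(tok, "-action")
        elif verb == "bind" and kind == "vserver" and _opt(tok, "-policy"):
            bindings.setdefault(name, []).append(_opt(tok, "-policy"))
    # A vserver acts as a SAML IdP only if a samlIdPPolicy is bound to it.
    idp_vservers = {}
    for vs, pols in bindings.items():
        hits = [p for p in pols if p in policies]
        if hits:
            idp_vservers[vs] = hits
    used = {p for hits in idp_vservers.values() for p in hits}
    return {"profiles": sorted(profiles), "idp_vservers": idp_vservers,
            "unbound_policies": sorted(set(policies) - used)}

if __name__ == "__main__":
    print(find_saml_idp(SAMPLE_NS_CONF))
```

Virtual servers listed under `idp_vservers` are the ones to prioritise for patching and log review; entries under `unbound_policies` are leftover IdP policies worth removing if no longer needed.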