COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-3055

CVE-2026-3055

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-03-30
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-3055
⌖ exploited in the wild shame 45/100 exploited-in-wildunpatcheddata-breach

Citrix NetScaler SAML IDP configuration allows out-of-bounds memory reads, enabling attackers to read sensitive data without code execution.

This vulnerability allows attackers to read sensitive data from memory when Citrix NetScaler is configured as a SAML Identity Provider, exposing credentials and session tokens. DIB organizations must immediately patch NetScaler appliances and audit SAML configurations to prevent data exfiltration, as this is actively exploited in the wild.

Shame score — While actively exploited, the vulnerability is a known configuration issue rather than a default credential or supply-chain failure.

Players implicated

Citrix · vendorNetScaler · product

Description

Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds reads vulnerability when configured as a SAML IDP leading to memory overread.

Affected FedRAMP products 1 in the catalog

ProductProviderStatusMatch
Citrix for Government Citrix Authorized vendor-exact · 0.90