CVE-2026-3055

high-risk

Published 2026-03-23

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

Do I need to act?

50.8% chance of exploitation in next 30 days

EPSS score — higher than 49% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Netscaler Application Delivery Controller

Netscaler Gateway

Citrix

Vendor Advisory https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300

Exploit https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-cit...

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-...

Get this data via API

curl -H "Authorization: Bearer YOUR_KEY" \
  https://cyber.phasetransitions.ai/api/v1/cves/CVE-2026-3055

Free tier: 100 requests/day, no credit card.

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 25/34 · High

Exposure 10/34 · Low