CVE-2026-3055: Citrix NetScaler ADC and NetScaler Gateway Out-of-Bounds Read - Rapid7

Source: Rapid7 · Archived Jun 17, 2026



Overview

On March 23, 2026, Citrix published a security advisory for a critical vulnerability affecting their NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) products. This vulnerability, CVE-2026-3055, is classified as an out-of-bounds read and holds a CVSS score of 9.3; it allows unauthenticated remote attackers to leak potentially sensitive information from the appliance's memory.

The Citrix advisory states that systems configured as a SAML Identity Provider (SAML IDP) are vulnerable, whereas default configurations are unaffected. The SAML IDP configuration is likely very common among organizations that use single sign-on. Per the advisory, organizations can determine whether an appliance is configured with a SAML IDP profile by inspecting their NetScaler configuration for the following string:

add authentication samlIdPProfile .*

CVE-2026-3055 affects NetScaler ADC and NetScaler Gateway versions 14.1 before 14.1-66.59 and 13.1 before 13.1-62.23, as well as NetScaler ADC 13.1-FIPS and 13.1-NDcPP before 13.1-37.262. The advisory notes that only customer-managed instances are affected, not cloud instances managed by Citrix.

As of the advisory's publication, there is no known in-the-wild exploitation and no public proof-of-concept (PoC) available. According to Citrix, the vulnerability was identified internally via security review. However, exploitation of CVE-2026-3055 is likely to occur once exploit code becomes public. Therefore, it is crucial that customers running affected Citrix systems remediate this vulnerability as soon as possible; Citrix software has previously seen memory leak vulnerabilities broadly exploited in the wild, including the infamous "CitrixBleed" vulnerability, CVE-2023-4966, in 2023.

Update #1: On March 29, 2026, a technical analysis of the vulnerability was published by watchTowr Labs. On March 30, 2026, CVE-2026-3055 was added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) list of known exploited vulnerabilities (KEV), based on evidence of active exploitation. A Metasploit module for CVE-2026-3055 is available.

Mitigation guidance

Organizations running affected on-premise instances of NetScaler ADC and NetScaler Gateway should prioritize upgrading to fixed versions on an emergency basis to remediate CVE-2026-3055.

Affected components:
NetScaler ADC and NetScaler Gateway versions 14.1, fixed in 14.1-66.59.
NetScaler ADC and NetScaler Gateway versions 13.1, fixed in 13.1-62.23.
NetScaler ADC 13.1-FIPS and 13.1-NDcPP, fixed in 13.1-37.262 (also referred to as 13.1.37.262 in the vendor advisory).

Please read the vendor advisory (CTX696300) for the latest guidance.

Rapid7 customers

Exposure Command, InsightVM, and Nexpose

Exposure Command, InsightVM, and Nexpose customers can assess exposure to CVE-2026-3055 on Citrix NetScaler ADC with an authenticated vulnerability check expected to be available in the March 26 content release.

Updates

March 23, 2026: Initial publication.
March 30, 2026: Updated customer content release date.
March 31, 2026: Updated overview to note the availability of a technical analysis, addition to KEV, and Metasploit module.

Article tags: Emergent Threat Response
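As an added example (not code from the Rapid7 post or the Citrix advisory), the following Python helper applies the two checks the advisory describes to an exported configuration: whether it contains the SAML IDP profile string, and whether the reported build falls below the fixed build for its branch. The config string and fixed builds are those quoted above; the version layout (major.minor-build.sub), the branch labels and the sample config lines are assumptions constructed for this example.

```python
import re

# Fixed builds from the advisory, keyed by branch. The FIPS/NDcPP builds
# carry their own lower build numbers, so the branch must be chosen before
# comparing versions, or a patched 13.1-FIPS box would be flagged as
# vulnerable against the regular 13.1 threshold.
FIXED_BUILDS = {
    "14.1": "14.1-66.59",
    "13.1": "13.1-62.23",
    "13.1-FIPS": "13.1-37.262",
    "13.1-NDcPP": "13.1-37.262",
}

# Configuration string quoted in the advisory for a SAML IDP profile.
SAML_IDP_RE = re.compile(r"^add authentication samlIdPProfile .*", re.MULTILINE)


def parse_version(version: str) -> tuple:
    """Turn '14.1-66.59' into (14, 1, 66, 59) for tuple comparison.
    Assumes the major.minor-build.sub layout used in the advisory."""
    nums = re.findall(r"\d+", version)
    if len(nums) < 3:
        raise ValueError(f"unrecognised NetScaler version: {version!r}")
    return tuple(int(n) for n in nums)


def is_vulnerable_version(version: str, branch: str) -> bool:
    """True when `version` predates the fixed build for `branch`."""
    if branch not in FIXED_BUILDS:
        raise ValueError(f"unknown branch: {branch!r}")
    return parse_version(version) < parse_version(FIXED_BUILDS[branch])


def saml_idp_profiles(config_text: str) -> list:
    """Return every config line that defines a SAML IDP profile."""
    return SAML_IDP_RE.findall(config_text)


def assess(version: str, branch: str, config_text: str) -> bool:
    """Exposed only when both hold: a SAML IDP profile is configured and
    the running build is below the fix (default configs are unaffected)."""
    return bool(saml_idp_profiles(config_text)) and is_vulnerable_version(version, branch)


# Constructed sample configuration (not real appliance output).
SAMPLE_CONFIG = """\
set ns hostName ns-idp-01
add authentication samlIdPProfile corp_idp
add lb vserver web_vs HTTP 10.0.0.5 80
"""

if __name__ == "__main__":
    print(assess("14.1-55.34", "14.1", SAMPLE_CONFIG))  # True
```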