The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Citrix NetScaler, tracked as CVE-2026-3055 (CVSS ver. 4.0 score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog.
In March, Citrix issued security updates for two NetScaler vulnerabilities, including the critical vulnerability, tracked as CVE-2026-3055 (CVSS score of 9.3), that allows unauthenticated attackers to leak sensitive data.
The flaw CVE-2026-3055 is an insufficient input validation issue that leads to a memory over-read. It can be triggered only if Citrix ADC or Citrix Gateway is configured as a SAML IDP.
Customers can check if their NetScaler appliance is set up as a SAML IDP by looking for the configuration string:
add authentication samlIdPProfile .*
“This vulnerability, CVE-2026-3055, which is classified as an out-of-bounds read and holds a CVSS score of 9.3, allows unauthenticated remote attackers to leak potentially sensitive information from the appliance’s memory,” reads the advisory published by Rapid7 researchers. “The Citrix advisory states that systems configured as a SAML Identity Provider (SAML IDP) are vulnerable, whereas default configurations are unaffected. This SAML IDP configuration is likely a very common configuration for organizations utilizing single sign-on.”
At this time, CVE-2026-3055 has no known in-the-wild exploits or public proof-of-concept. Citrix discovered it internally, but once exploit code is released, attacks are likely. Customers should patch immediately, as similar memory-leak flaws like “CitrixBleed” (CVE-2023-4966) were widely exploited in 2023.
The second vulnerability fixed by the vendor is a race condition tracked as CVE-2026-4368 (CVSS score of 7.7) that causes session mix-ups.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix the vulnerability by April 2, 2026.
