theinfosecnews

CVE-2026-3055

CISA KEV

Published March 30, 2026 · Updated April 3, 2026

Severity: high

What This Means

# CVE-2026-3055: Citrix NetScaler SAML IDP Memory Overread

**What it is:** Citrix NetScaler ADC, NetScaler Gateway, and NetScaler ADC FIPS/NDcPP contain an out-of-bounds read vulnerability that is reachable when the appliance is configured as a SAML identity provider (IDP). It allows an attacker to read adjacent memory beyond the intended boundaries of a buffer.

**Impact:** An attacker can extract sensitive data from adjacent memory regions, including session tokens, credentials, or other application secrets, without authentication, if the appliance is configured as a SAML IDP.

**What to do:** Identify NetScaler instances running SAML IDP functionality using Citrix's configuration audit tools or network discovery. Apply Citrix security patches immediately when released. Restrict network access to SAML endpoints using firewall rules and WAF policies until patched. Monitor SAML authentication logs for abnormal memory access patterns or malformed requests.
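A configuration-inventory check for the identification step above, added here as an example rather than anything from Citrix or this page: it scans an exported ns.conf for SAML IDP profiles and reports which authentication vservers have one bound, so the appliances in scope for this CVE can be listed before patching. The sample config lines are constructed, and the command and object names (samlIdPProfile, samlIdPPolicy, bind authentication vserver) follow NetScaler's CLI as assumed here; verify them against your own export.

```python
import re
from collections import defaultdict

# Constructed ns.conf-style sample (not a real appliance config). Command and
# object names are assumed to match NetScaler's CLI; adjust the patterns if your
# export differs.
SAMPLE_NS_CONF = """\
add authentication samlIdPProfile idp_prof_corp -samlIdPCertName corp_cert -assertionConsumerServiceURL "https://sp.example.test/acs"
add authentication samlIdPPolicy idp_pol_corp -rule true -action idp_prof_corp
add authentication vserver auth_vs_ext SSL 203.0.113.10 443
add authentication vserver auth_vs_int SSL 10.0.0.10 443
bind authentication vserver auth_vs_ext -policy idp_pol_corp -priority 100
add authentication samlAction sp_act -samlIdPCertName idp_cert -samlRedirectUrl "https://idp.example.test/sso"
bind authentication vserver auth_vs_int -policy sp_pol -priority 100
"""

PROFILE_RE = re.compile(r"^add authentication samlIdPProfile (\S+)")
POLICY_RE = re.compile(r"^add authentication samlIdPPolicy (\S+) .*-action (\S+)")
VSERVER_RE = re.compile(r"^add authentication vserver (\S+) \S+ (\S+) (\d+)")
BIND_RE = re.compile(r"^bind authentication vserver (\S+) -policy (\S+)")


def find_saml_idp_exposure(config_text):
    """Return {vserver: {ip, port, policies, profiles}} for every authentication
    vserver that has a SAML IDP policy bound; SP-only SAML setups are excluded."""
    policy_to_profile = {}
    vservers = {}
    bindings = defaultdict(list)
    for line in config_text.splitlines():
        line = line.strip()
        if m := PROFILE_RE.match(line):
            pass  # profile definitions alone do not expose anything; bindings do
        elif m := POLICY_RE.match(line):
            policy_to_profile[m.group(1)] = m.group(2)
        elif m := VSERVER_RE.match(line):
            vservers[m.group(1)] = {"ip": m.group(2), "port": int(m.group(3))}
        elif m := BIND_RE.match(line):
            bindings[m.group(1)].append(m.group(2))
    exposed = {}
    for vs, pols in bindings.items():
        idp_pols = [p for p in pols if p in policy_to_profile]
        if not idp_pols:
            continue  # only SP-side or non-SAML policies bound: out of scope
        info = dict(vservers.get(vs, {"ip": "?", "port": 0}))
        info["policies"] = idp_pols
        info["profiles"] = [policy_to_profile[p] for p in idp_pols]
        exposed[vs] = info
    return exposed


if __name__ == "__main__":
    for vs, info in find_saml_idp_exposure(SAMPLE_NS_CONF).items():
        print(f"{vs} {info['ip']}:{info['port']} -> IDP profiles {info['profiles']}")
```

Run it against `show ns runningConfig` output or a saved ns.conf; any vserver it lists is one to patch first and to fence off at the firewall until then.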

Official Description

Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds read vulnerability when configured as a SAML IDP, leading to memory overread.

Affected Products

Vendor    Product
Citrix    NetScaler

Patch Status

Patch by 2026-04-02

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2026-3055.