CVE-2026-3055
CISA KEV
CVE-2026-3055 is a pre-authentication out-of-bounds read (CWE-125) in Citrix NetScaler ADC and NetScaler Gateway appliances configured as SAML Identity Providers. Insufficient input validation in the SAML IdP request-processing path lets an unauthenticated remote attacker send a crafted request that triggers a memory over-read, leaking sensitive data from adjacent memory, including active session tokens, authentication state, certificates, private keys, and user credentials. The vulnerability requires no authentication and no user interaction, and has low attack complexity. It is the third major memory-read vulnerability in NetScaler's authentication infrastructure, following CitrixBleed (CVE-2023-4966) and CitrixBleed2 (CVE-2025-5777). Over 56,000 NetScaler services are discoverable on Shodan. Patched in versions 14.1-66.59, 13.1-62.23, and 13.1-37.262.
Weaknesses (CWE)
CWE-125
Threats tracking this CVE
- CVE-2026-3055 & CVE-2026-4368: Citrix NetScaler ADC/Gateway Unauthenticated Memory Disclosure and Session Hijacking — CRITICAL
- CVE-2026-3055 & CVE-2026-4368: Citrix NetScaler ADC/Gateway Pre-Auth Memory Overread and Session Mixup — CRITICAL