Critical Memory Overread Vulnerability in Citrix NetScaler Exploited

Critical Memory Overread Vulnerability in Citrix NetScaler Exploited

First seen 29 May 2026, 02:11 UTC Filestore.Fortinetsupport.citrix.comwww.fortiguard.com 85% similarity 78.0

Article Content

Browse articles
ThreatCluster

Citrix NetScaler ADC and Gateway are affected by CVE-2026-3055, a critical vulnerability due to insufficient input validation during SAML authentication, leading to memory overread. Exploitation attempts have surged, with FortiGuard reporting over 2,000 blocked attacks daily, primarily targeting SAML services in sectors like Technology and Government. The vulnerability has a CVSS score of 9.3 and was added to CISA's Known Exploited Vulnerabilities catalog on March 30, 2026. Organizations using affected systems are at risk of credential exposure and unauthorized access. Citrix has urged customers to upgrade to patched versions immediately. The vulnerability was publicly disclosed on March 3, 2026, with a proof of concept released shortly before. The ongoing exploitation highlights the urgency for remediation.

Key Points: • CVE-2026-3055 is a critical memory overread vulnerability in Citrix NetScaler. • Over 2,000 daily exploitation attempts have been detected, primarily targeting SAML services. • Affected organizations must upgrade to patched versions to mitigate risks of credential exposure.

ThreatCluster AI

Timeline

2026-03-23
CVE-2026-3055 published
Citrix disclosed a critical vulnerability affecting NetScaler ADC and Gateway due to insufficient input validation.
support.citrix.com
2026-03-23
CVE-2026-4368 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-03-29
First public PoC released
A proof of concept for CVE-2026-3055 was publicly disclosed, increasing the risk of exploitation.
Filestore.Fortinet
2026-03-30
CVE-2026-3055 added to CISA KEV catalog
CISA confirmed active exploitation of CVE-2026-3055 and added it to the Known Exploited Vulnerabilities catalog.
Filestore.Fortinet
2026-05-25
CVE-2026-3055 confirmed exploitation activity
Telemetry showed sustained exploitation attempts, with peaks over 2,700 daily events targeting vulnerable systems.
Filestore.Fortinet
2026-05-29
Citrix urges customers to upgrade
Citrix strongly recommended that customers upgrade to patched versions of NetScaler ADC and Gateway to mitigate risks.
support.citrix.com

Community

Browse all →