CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Apr 2, 2026
Description
Referenced in article: Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
EPSS — Exploit Probability
Higher than 5.3% of all CVEs
Required Action
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300&articleURL=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2026_3055_and_CVE_2026_4368 ; https://nvd.nist.gov/vuln/detail/CVE-2026-3055
Related Articles (4)
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Citrix fixes CVE-2026-3055 memory flaw in NetScaler, enabling data leaks in SAML setups, raising risk of imminent exploitation.
Mar 24, 2026
Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn
An out-of-bounds read vulnerability can be exploited remotely without authentication to read sensitive information from memory.
Mar 24, 2026
Citrix urges admins to patch NetScaler flaws as soon as possible
Citrix has patched two NetScaler ADC and NetScaler Gateway vulnerabilities, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years.
Mar 25, 2026
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
CVE-2026-3055 targets Citrix NetScaler with active reconnaissance, risking data leaks on SAML IDP setups.
Mar 28, 2026
Risk Assessment
ELEVATEDDetails
- Severity
- Info
- EPSS
- 0.0%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 4
Timeline
Published
Mar 28, 2026
Added to KEV
Mar 30, 2026
Remediation Due
Apr 2, 2026