Vulnerability Details CVE-2026-3055
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread
Exploit prediction scoring system (EPSS) score
EPSS Score 0.367
EPSS Ranking 97.1%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds reads vulnerability when configured as a SAML IDP leading to memory overread.
Ransomware Campaign
Unknown
References
Products affected by CVE-2026-3055
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.159
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.164
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.176
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.183
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.207
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.235
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.236
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.241
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-49.13
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-49.15
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-51.15
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-53.17
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-55.34
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-58.32
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-59.19
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-59.22
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1-12.35
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1-25.53
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1-29.72
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1-43.56
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1-47.46
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1-47.48
-
cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1-8.50
-
cpe:2.3:a:citrix:netscaler_gateway:13.1
-
cpe:2.3:a:citrix:netscaler_gateway:13.1-49.13
-
cpe:2.3:a:citrix:netscaler_gateway:13.1-49.15
-
cpe:2.3:a:citrix:netscaler_gateway:13.1-51.15
-
cpe:2.3:a:citrix:netscaler_gateway:13.1-52.19
-
cpe:2.3:a:citrix:netscaler_gateway:13.1-53.17
-
cpe:2.3:a:citrix:netscaler_gateway:13.1-53.24
-
cpe:2.3:a:citrix:netscaler_gateway:13.1-54.29
-
cpe:2.3:a:citrix:netscaler_gateway:13.1-55.34
-
cpe:2.3:a:citrix:netscaler_gateway:13.1-56.18
-
cpe:2.3:a:citrix:netscaler_gateway:13.1-57.26
-
cpe:2.3:a:citrix:netscaler_gateway:13.1-58.32
-
cpe:2.3:a:citrix:netscaler_gateway:13.1-59.19
-
cpe:2.3:a:citrix:netscaler_gateway:13.1-59.22
-
cpe:2.3:a:citrix:netscaler_gateway:14.1
-
cpe:2.3:a:citrix:netscaler_gateway:14.1-12.35
-
cpe:2.3:a:citrix:netscaler_gateway:14.1-17.38
-
cpe:2.3:a:citrix:netscaler_gateway:14.1-21.57
-
cpe:2.3:a:citrix:netscaler_gateway:14.1-25.53
-
cpe:2.3:a:citrix:netscaler_gateway:14.1-25.56
-
cpe:2.3:a:citrix:netscaler_gateway:14.1-29.72
-
cpe:2.3:a:citrix:netscaler_gateway:14.1-34.42
-
cpe:2.3:a:citrix:netscaler_gateway:14.1-38.53
-
cpe:2.3:a:citrix:netscaler_gateway:14.1-4.42
-
cpe:2.3:a:citrix:netscaler_gateway:14.1-43.56
-
cpe:2.3:a:citrix:netscaler_gateway:14.1-47.46
-
cpe:2.3:a:citrix:netscaler_gateway:14.1-47.48
-
cpe:2.3:a:citrix:netscaler_gateway:14.1-8.50