Planned Fix
CVE-2026-3055
Type
Not available
Auth Required
Unknown
PoC Available
Unknown
Vendor
Citrix
Product
Citrix NetScaler ADC and NetScaler Gateway
Exposure
Internet-facing
Default Config
Unknown
CVSS Score
Not available
- Name
- Not available
- Summary
- Not available
- Vendor
- Citrix
- Product Name
- Citrix NetScaler ADC and NetScaler Gateway
- Product Description
- Citrix NetScaler ADC (Application Delivery Controller) and NetScaler Gateway are networking appliances used to deliver, secure, and optimize applications and access. CVE-2026-3055 is a high-severity vulnerability described as an out-of-bounds read that could allow an unauthenticated attacker to leak memory contents from affected NetScaler appliances.
- Affected Versions
- All currently supported NetScaler ADC and NetScaler Gateway versions; patched builds referenced in Citrix advisories for related CVEs are expected to address this class of memory-disclosure issues.
- Affected Component
- Memory handling / request-processing paths in NetScaler ADC and NetScaler Gateway that process network requests, leading to potential memory disclosure under certain configurations.
- Component URLs
- Protocol
- HTTP
- Ports
- 80, 443
- Internet-facing Likelihood
- 70%
- Exposure Level
- Internet-facing
- Enterprise Usage
- 60%
- Type
- Not available
- Impact
- Not available
- Exploitation Description
- Not available
- Detection Method
- Unknown
- Detection Method Types
- Not available
- Detection Method URLs
- Not available
- PoC Available
- Unknown
- PoC URLs
- Not available
- Default Config Exploitable
- Unknown
- Exploitation Requirements
- Not available
- Requirements URLs
- Not available
- Requirements Probability
- Not available
- Authentication Needed
- Unknown
- CVE ID
- Not available
- Description
- Not available
- CVSS Score
- Not available
- Published
- Not available
- Last Modified
- Not available
- CVSS Vector
- Not available
- Attack Vector (AV)
- Not available
- Attack Complexity (AC)
- Not available
- Privileges Required (PR)
- Not available
- User Interaction (UI)
- Not available
- Scope (S)
- Not available
- Confidentiality (C)
- Not available
- Integrity (I)
- Not available
- Availability (A)
- Not available
- CWE
- Not available
- NVD URL
- Not available
- CPE Configuration
- Not available
- Version From
- Not available
- Version UpTo
- Not available
- Remediation Type
- Not available
- Remediation Description
- Not available
- Remediation URLs
- Not available
- EPSS Score
- Not available
- EPSS Percentile
- Not available
- EPSS Last Updated
- Not available
- CISA KEV
- Unknown
- CISA KEV Date Added
- Not available
- Active Exploitation
- Not available
- Active Exploitation URLs
- Not available
- Threat Actors
- Not available
- Threat Actors URLs
- Not available
- IOCs
- Not available
- Detection Rules
- Not available
- Threat Hunting URLs
- Not available
- Articles Used
- Not available
- Sources
- https://support.citrix.com/external/article/694938
- https://www.netscaler.com/blog/news/critical-security-update-announced-for-netscaler-gateway-and-netscaler/
- https://digital.nhs.uk/cyber-alerts/2025/cc-4695
- https://cert.europa.eu/publications/security-advisories/2025-033/pdf
- https://www.securityweek.com/critical-vulnerability-patched-in-citrix-netscaler/