2 vulnerabilities
CVE-2026-3055 (GCVE-0-2026-3055)
Vulnerability from cvelistv5 – Published: 2026-03-23 20:21 – Updated: 2026-03-31 03:55
Title
Insufficient input validation leading to memory overread
Summary
Insufficient input validation in NetScaler ADC and NetScaler Gateway, when configured as a SAML IDP, leading to a memory overread
CWE
- CWE-125 - Out-of-bounds Read
Date Public ?
2026-03-23 19:20
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3055",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-03-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3055"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T03:55:32.569Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3055"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-30T00:00:00.000Z",
"value": "CVE-2026-3055 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "66.59",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "62.23",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.262",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "66.59",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "62.23",
"status": "affected",
"version": "13.1",
"versionType": "patch"
}
]
}
],
"datePublic": "2026-03-23T19:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient input validation in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler ADC and NetScaler Gateway when\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;configured as a SAML IDP\u0026nbsp;\u003c/span\u003eleading to\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;memory overread\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Insufficient input validation in\u00a0NetScaler ADC and NetScaler Gateway when\u00a0configured as a SAML IDP\u00a0leading to\u00a0memory overread"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T20:21:27.107Z",
"orgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
"shortName": "NetScaler"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficient input validation leading to memory overread",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
"assignerShortName": "NetScaler",
"cveId": "CVE-2026-3055",
"datePublished": "2026-03-23T20:21:27.107Z",
"dateReserved": "2026-02-23T18:00:08.900Z",
"dateUpdated": "2026-03-31T03:55:32.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4368 (GCVE-0-2026-4368)
Vulnerability from cvelistv5 – Published: 2026-03-23 20:09 – Updated: 2026-03-24 03:56
Title
Race Condition leading to User Session Mixup
Summary
Race Condition in NetScaler ADC and NetScaler Gateway, when the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server, leading to User Session Mixup
Date Public ?
2026-03-23 20:02
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T03:56:06.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADC",
"vendor": "NetScaler",
"versions": [
{
"status": "affected",
"version": "14.1.66.54",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Gateway",
"vendor": "NetScaler",
"versions": [
{
"status": "affected",
"version": "14.1.66.54"
}
]
}
],
"datePublic": "2026-03-23T20:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eRace Condition in\u0026nbsp;\u003c/span\u003e\u003cspan\u003eNetScaler ADC and NetScaler Gateway when a\u003c/span\u003e\u003cspan\u003eppliance is configured as\u0026nbsp;\u003c/span\u003e\u003cspan\u003eGateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or\u003c/span\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003cspan\u003eAAA virtual server\u003c/span\u003e\u003cspan\u003e\u0026nbsp;leading to User Session Mixup\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Race Condition in\u00a0NetScaler ADC and NetScaler Gateway when appliance is configured as\u00a0Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or\u00a0AAA virtual server\u00a0leading to User Session Mixup"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T20:09:44.971Z",
"orgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
"shortName": "NetScaler"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Race Condition leading to User Session Mixup",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
"assignerShortName": "NetScaler",
"cveId": "CVE-2026-4368",
"datePublished": "2026-03-23T20:09:44.971Z",
"dateReserved": "2026-03-18T05:23:50.518Z",
"dateUpdated": "2026-03-24T03:56:06.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}