2 vulnerabilities
CVE-2026-3055 (GCVE-0-2026-3055)
Vulnerability from cvelistv5 – Published: 2026-03-23 20:21 – Updated: 2026-03-31 03:55
Title
Insufficient input validation leading to memory overread
Summary
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread
Severity ?
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
Date Public ?
2026-03-23 19:20
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3055",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-03-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3055"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T03:55:32.569Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3055"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-30T00:00:00.000Z",
"value": "CVE-2026-3055 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADC",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "66.59",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "62.23",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "37.262",
"status": "affected",
"version": "13.1 FIPS and NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Gateway",
"vendor": "NetScaler",
"versions": [
{
"lessThan": "66.59",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "62.23",
"status": "affected",
"version": "13.1",
"versionType": "patch"
}
]
}
],
"datePublic": "2026-03-23T19:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient input validation in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler ADC and NetScaler Gateway when\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;configured as a SAML IDP\u0026nbsp;\u003c/span\u003eleading to\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;memory overread\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Insufficient input validation in\u00a0NetScaler ADC and NetScaler Gateway when\u00a0configured as a SAML IDP\u00a0leading to\u00a0memory overread"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T20:21:27.107Z",
"orgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
"shortName": "NetScaler"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficient input validation leading to memory overread",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
"assignerShortName": "NetScaler",
"cveId": "CVE-2026-3055",
"datePublished": "2026-03-23T20:21:27.107Z",
"dateReserved": "2026-02-23T18:00:08.900Z",
"dateUpdated": "2026-03-31T03:55:32.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4368 (GCVE-0-2026-4368)
Vulnerability from cvelistv5 – Published: 2026-03-23 20:09 – Updated: 2026-03-24 03:56
Title
Race Condition leading to User Session Mixup
Summary
Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup
Severity ?
Assigner
References
Impacted products
Date Public ?
2026-03-23 20:02
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T03:56:06.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ADC",
"vendor": "NetScaler",
"versions": [
{
"status": "affected",
"version": "14.1.66.54",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Gateway",
"vendor": "NetScaler",
"versions": [
{
"status": "affected",
"version": "14.1.66.54"
}
]
}
],
"datePublic": "2026-03-23T20:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eRace Condition in\u0026nbsp;\u003c/span\u003e\u003cspan\u003eNetScaler ADC and NetScaler Gateway when a\u003c/span\u003e\u003cspan\u003eppliance is configured as\u0026nbsp;\u003c/span\u003e\u003cspan\u003eGateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or\u003c/span\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003cspan\u003eAAA virtual server\u003c/span\u003e\u003cspan\u003e\u0026nbsp;leading to User Session Mixup\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Race Condition in\u00a0NetScaler ADC and NetScaler Gateway when appliance is configured as\u00a0Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or\u00a0AAA virtual server\u00a0leading to User Session Mixup"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T20:09:44.971Z",
"orgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
"shortName": "NetScaler"
},
"references": [
{
"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Race Condition leading to User Session Mixup",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5",
"assignerShortName": "NetScaler",
"cveId": "CVE-2026-4368",
"datePublished": "2026-03-23T20:09:44.971Z",
"dateReserved": "2026-03-18T05:23:50.518Z",
"dateUpdated": "2026-03-24T03:56:06.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}