{"uuid": "2297a9ff-e188-4b48-8a35-8decb065a4c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3055", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/citrix_netscaler_cve_2026_3055.rb", "content": "{\"actions\": [], \"aliases\": [], \"arch\": \"\", \"author\": [\"watchTowr\", \"sfewer-r7\"], \"autofilter_ports\": [80, 8080, 443, 8000, 8888, 8880, 8008, 3000, 8443], \"autofilter_services\": [\"http\", \"https\"], \"check\": true, \"default_credential\": false, \"description\": \"This module scans for a vulnerability that allows a remote, unauthenticated attacker to leak memory from a\\n          target Citrix ADC server configured as a SAML IdP. The leaked memory is then scanned for session cookies\\n          which can be hijacked if found.\", \"disclosure_date\": \"2026-03-23\", \"fullname\": \"auxiliary/scanner/http/citrix_netscaler_cve_2026_3055\", \"is_install_path\": true, \"mod_time\": \"2026-05-20 10:03:51 +0000\", \"name\": \"Citrix ADC (NetScaler) CVE-2026-3055 Scanner\", \"needs_cleanup\": false, \"notes\": {\"Reliability\": [], \"SideEffects\": [], \"Stability\": [\"crash-safe\"]}, \"path\": \"/modules/auxiliary/scanner/http/citrix_netscaler_cve_2026_3055.rb\", \"platform\": \"\", \"post_auth\": false, \"rank\": 300, \"ref_name\": \"scanner/http/citrix_netscaler_cve_2026_3055\", \"references\": [\"CVE-2026-3055\", \"URL-https://labs.watchtowr.com/the-sequels-are-never-as-good-but-were-still-in-pain-citrix-netscaler-cve-2026-3055-memory-overread/\", \"URL-https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/\"], \"rport\": 443, \"session_types\": false, \"targets\": null, \"type\": \"auxiliary\"}", "creation_timestamp": "2026-05-20T17:09:03.000000Z"}