Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

2026-03-28

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

This article covers CVE-2026-3055, a critical memory overread vulnerability (CVSS 9.3) in Citrix NetScaler ADC and Gateway that is under active reconnaissance and exploitation.

•The flaw stems from insufficient input validation and allows attackers to leak sensitive memory contents via the NSC_TASS cookie.
•Exploitation requires the appliance to be configured as a SAML Identity Provider (SAML IDP); attackers probe /cgi/GetAuthMethods to fingerprint auth methods.
•Two distinct endpoints are affected: /saml/login and /wsfed/passive?wctx, with the wsfed variant triggered by a valueless 'wctx' query parameter.
•Affected versions include NetScaler ADC/Gateway before 14.1-60.58, 14.1-66.59, and 13.1-62.23, as well as FIPS/NDcPP variants before 13.1-37.262.
•

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture