CVE-2026-3055 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 98%

Affected Products (NVD)

Vendor	Product	Version
citrix	netscaler_application_delivery_controller	13.1 ≤ 𝑥 < 13.1-37.262
citrix	netscaler_application_delivery_controller	13.1 ≤ 𝑥 < 13.1-37.262
citrix	netscaler_application_delivery_controller	13.1 ≤ 𝑥 < 13.1-62.23
citrix	netscaler_application_delivery_controller	14.1 ≤ 𝑥 < 14.1-60.58
citrix	netscaler_gateway	13.1 ≤ 𝑥 < 13.1-62.23
citrix	netscaler_gateway	14.1 ≤ 𝑥 < 14.1-60.58

𝑥

= Vulnerable software versions

Known Exploits!

https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

Vulnerability Media Exposure

[ENGLISH] Critical Citrix NetScaler Vulnerability Exploited in the Wild
Researchers from watchTowr and Defused have found evidence that attackers are actively exploiting CVE-2026-3055, a critical NetScaler vulnerability
Published: 2026-03-30T10:45:00+00:00
[ENGLISH] Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities
A critical vulnerability in Citrix’s NetScaler products allows unauthenticated remote attackers to leak information from the appliance's memory
Published: 2026-03-24T15:15:00+00:00

References

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300

https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3055