CVE-2026-3055

Confirmed PUBLISHED

Insufficient input validation leading to memory overread

NetScaler · ADC, Gateway

1 day faster than CISA KEV

Exploited in the wild Active exploitation observed PoC available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
41
Unique Attacker IPs
17
CISA KEV
In CISA KEV
CVSS / EPSS
9.3 Critical EPSS 84.0%

At a Glance

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

cisa nuclei_scanner
CVE Published
Mar 23, 2026
Exploitation Reported
Jun 01, 2026
CVSS
9.3 Critical
EPSS
84.0%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
NetScaler
ADC

14.1 to < 66.59

Affected
NetScaler
ADC

13.1 to < 62.23

Affected
NetScaler
ADC

13.1 FIPS and NDcPP to < 37.262

Affected
NetScaler
Gateway

14.1 to < 66.59

Affected
NetScaler
Gateway

13.1 to < 62.23

Affected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.