www.cisa.gov 3/30/2026, 8:50:58 PM · via preferred

CISA Adds One Known Exploited Vulnerability to Catalog

U.S. CISA adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Citrix NetScaler flaw, tracked as CVE-2026-3055 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. In March, Citrix issued security updates for two NetScaler vulnerabilities, including CVE-2026-3055, which allows unauthenticated attackers to leak…

First seen 2026-03-24T13:48:16.947Z · Last seen 2026-03-31T10:15:39.177Z

CyberSIXT Evidence Panel: Source marked as original reporting
CISA KEV: Listed in KEV
Patch: Patch Status Unknown

According to CISA, the agency has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. The entry is CVE-2026-3055, described as a Citrix NetScaler Out-of-Bounds Read Vulnerability. CISA notes that this type of flaw is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

The move aligns with Binding Operational Directive (BOD) 22-01, which established the KEV Catalog as a living list of CVEs that carry significant risk to the federal enterprise and requires agencies to remediate identified vulnerabilities by the due date. While BOD 22-01 applies to Federal Civilian Executive Branch agencies, CISA urges all organisations to prioritise timely remediation of KEV Catalog vulnerabilities as part of vulnerability management. The release date for the alert is 30 March 2026.


Article by CyberSIXT
