www.cisa.gov 3/30/2026, 9:51:57 PM

CISA Adds CVE-2026-3055 to Known Exploited Vulnerabilities Catalog

CyberSIXT Evidence Panel
Primary Source: support.citrix.com
CISA KEV: Listed in KEV
Patch: Patch Status Unknown

According to CISA, the Known Exploited Vulnerabilities (KEV) Catalog currently lists CVE-2026-3055 under Citrix NetScaler. The entry describes an out-of-bounds read vulnerability in Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway), and NetScaler ADC FIPS and NDcPP that applies when the product is configured as a SAML IDP and can lead to a memory overread.

The entry notes that the vulnerability is associated with Citrix NetScaler products and links to vendor guidance and the NVD page for further detail. The Date Added is 30 March 2026 and the Due Date is 2 April 2026. The "Known to be used in ransomware campaigns?" field is listed as Unknown. Action: apply mitigations per vendor instructions, follow applicable guidance for cloud services, or discontinue use of the product if mitigations are unavailable.


Article by CyberSIXT