CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-3055: Out-of-Bounds Read in Citrix NetScaler SAML IDP

Vulnerability ID: CVE-2026-3055
CVSS Score: 9.3
Published: 2026-03-23

CVE-2026-3055 is a critical out-of-bounds read vulnerability affecting customer-managed instances of Citrix NetScaler ADC and NetScaler Gateway. It allows unauthenticated remote attackers to read sensitive data from appliance memory when configured as a SAML Identity Provider.

TL;DR

A critical out-of-bounds read (CWE-125) in Citrix NetScaler's SAML IDP implementation lets unauthenticated attackers read sensitive memory content via crafted SAML requests. Immediate patching is required for affected customer-managed appliances.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-125
  • Attack Vector: Network
  • CVSS v4.0 Score: 9.3
  • EPSS Score: 0.00023
  • Impact: Information Disclosure / Session Hijacking
  • Exploit Status: POC-Expected / Active-Imminent
  • KEV Status: Not Listed

Affected Systems

  • Citrix NetScaler ADC
  • Citrix NetScaler Gateway
  • NetScaler ADC & Gateway: < 14.1-66.59 (Fixed in: 14.1-66.59)
  • NetScaler ADC & Gateway: < 13.1-62.23 (Fixed in: 13.1-62.23)
  • NetScaler ADC (FIPS/NDcPP): < 13.1-37.262 (Fixed in: 13.1-37.262)

Mitigation Strategies

  • Identify vulnerable SAML IDP configurations
  • Upgrade firmware to vendor-patched versions
  • Reboot appliances to clear volatile memory buffers
  • Rotate active sessions and monitor for token reuse

Remediation Steps:

  1. Access the NetScaler command line interface (CLI).
  2. Execute 'show authentication samlIdPProfile' to verify SAML IDP configuration.
  3. Download the appropriate fixed firmware version (e.g., 14.1-66.59 or 13.1-62.23) from the Citrix Support portal.
  4. Apply the firmware update to all affected customer-managed NetScaler appliances.
  5. Reboot the appliance to finalize the update process and clear affected memory buffers.
  6. Force re-authentication for all active users to invalidate potentially compromised session tokens.
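The version thresholds in the "Affected Systems" list are the first thing to check across a fleet before touching individual appliances. The following script is an added example, not code from the advisory or from Citrix: it parses the first line of each appliance's 'show ns version' output (the "NetScaler NS14.1: Build 66.59.nc, ..." layout is an assumption about that command's format), maps it onto the fixed builds this advisory lists, and treats a 13.1 build numbered 37 as the FIPS/NDcPP line so that 13.1-37.262 is not mis-flagged against the mainline 13.1-62.23 threshold (that branch mapping is an assumption drawn from the advisory's version list). The inventory data is constructed.

```python
import re

# Fixed builds as listed in this advisory, keyed by (release, line).
# "main" is the regular NetScaler ADC & Gateway line; "fips" is the
# 13.1-37.x FIPS/NDcPP line (assumption: a 13.1 build numbered 37 is that line).
FIXED_BUILDS = {
    ("14.1", "main"): (66, 59),
    ("13.1", "main"): (62, 23),
    ("13.1", "fips"): (37, 262),
}

# Assumed layout of the first line of `show ns version`, e.g.
# "NetScaler NS14.1: Build 66.59.nc, Date: ..." (the format is an assumption).
VERSION_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")


def parse_version(show_ns_version_output):
    """Return (release, build, subbuild) from `show ns version` text."""
    match = VERSION_RE.search(show_ns_version_output)
    if not match:
        raise ValueError("no NetScaler version string found")
    return match.group(1), int(match.group(2)), int(match.group(3))


def line_of(release, build):
    """Pick the release line whose fixed build applies to this appliance."""
    if release == "13.1" and build == 37:
        return "fips"
    return "main"


def check_version(show_ns_version_output):
    """
    Classify an appliance against the advisory's fixed builds.
    Returns "vulnerable", "fixed", or "not-covered" (release line not in this advisory).
    """
    release, build, sub = parse_version(show_ns_version_output)
    fixed = FIXED_BUILDS.get((release, line_of(release, build)))
    if fixed is None:
        return "not-covered"
    return "vulnerable" if (build, sub) < fixed else "fixed"


def triage(inventory):
    """Map hostname -> status for a dict of hostname -> `show ns version` output."""
    return {host: check_version(out) for host, out in inventory.items()}


# Constructed sample inventory (hostnames and command output are made up).
SAMPLE_INVENTORY = {
    "ns-gw-01": "NetScaler NS14.1: Build 65.39.nc, Date: Jan 10 2026, 10:00:00",
    "ns-gw-02": "NetScaler NS14.1: Build 66.59.nc, Date: Mar 20 2026, 10:00:00",
    "ns-fips-01": "NetScaler NS13.1: Build 37.250.nc, Date: Feb 02 2026, 10:00:00",
    "ns-adc-03": "NetScaler NS13.1: Build 62.23.nc, Date: Mar 20 2026, 10:00:00",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A "vulnerable" result marks a candidate, not confirmed exposure: the advisory ties the flaw to appliances configured as a SAML Identity Provider, so step 2 ('show authentication samlIdPProfile') still decides which of the flagged appliances are actually reachable through the affected code path and should be patched and rebooted first.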

References

Read the full report for CVE-2026-3055 on our website for more details including interactive diagrams and full exploit analysis.
