Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Citrix NetScaler Memory Overread (CVE-2026-3055) - Vulnerability Database

Citrix NetScaler Memory Overread (CVE-2026-3055)

Description

Citrix NetScaler ADC and NetScaler Gateway contain an insufficient input validation vulnerability when configured as a SAML Identity Provider (IDP). The flaw allows unauthenticated attackers to trigger a memory overread by sending a crafted SAML authentication request to the /saml/login endpoint. Successful exploitation can expose sensitive in-memory data or destabilize the appliance.

Remediation

Update Citrix NetScaler ADC and NetScaler Gateway to the latest patched version. As a workaround, restrict access to the vulnerable endpoint WAF rules. Review application logs for indicators of exploitation.

References

Citrix Security Bulletin CTX696300
watchTowr Labs - CVE-2026-3055 Memory Overread
watchTowr Labs - CVE-2026-3055 Memory Overread Part 2

Related Vulnerabilities

Drupal Views module information disclosure vulnerability Medium
Common tags: Information Disclosure Known Vulnerabilities
Joomla! Core improper access check in webservice endpoints Medium
Common tags: Information Disclosure Known Vulnerabilities
Apache Solr Log4Shell RCE High
Common tags: Information Disclosure Known Vulnerabilities
MediaWiki multiple remote vulnerabilities High
Common tags: Information Disclosure Known Vulnerabilities
Citrix ADC NetScaler Local File Inclusion (CVE-2020-8193) Medium
Common tags: Information Disclosure Known Vulnerabilities

Severity

Critical

Classification

CVE-2026-3055
CWE-125
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Information Disclosure
Known Vulnerabilities