6 min read
By: RedLegg's Cyber Threat Intelligence Team
About:
CVE-2026-3055 is a critical out-of-bounds read vulnerability affecting NetScaler ADC and NetScaler Gateway. The flaw can lead to memory disclosure in systems configured as a SAML Identity Provider.
An unauthenticated remote attacker can exploit this vulnerability to read sensitive data from memory, including session information, authentication tokens, and other security-relevant data processed by the appliance. This exposure may enable session hijacking, authentication bypass scenarios, or further compromise of affected environments.
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Out-of-Bounds Read Vulnerability in NetScaler ADC and NetScaler Gateway
CVSS Score: 9.3 (Critical, CVSS v3.1)
Identifier: CVE-2026-3055
PoC or Exploitation:
As of the vendor bulletin and current public reporting, there are no confirmed reports of active exploitation in the wild and no publicly available proof-of-concept exploit code.
Update/ Patch:
NetScaler has released security updates addressing this vulnerability.
Affected versions include:
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-66.59
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-62.23
- NetScaler ADC 13.1-FIPS and 13.1-NDcPP before 13.1-37.262
Customer-managed instances are affected. Cloud-managed NetScaler instances are not affected.
Vendor advisory and patch guidance:
Description:
CVE-2026-3055 is an out-of-bounds read vulnerability in NetScaler ADC and NetScaler Gateway that can result in memory disclosure. The vulnerability affects systems configured as a SAML Identity Provider.
An unauthenticated remote attacker can exploit this flaw to read sensitive information from memory. This may include session data, authentication tokens, or other sensitive information processed by the appliance.
Mitigation Recommendation:
Immediately upgrade affected NetScaler ADC and NetScaler Gateway appliances to the fixed versions listed in the vendor advisory.
Prioritize patching internet-facing and externally accessible NetScaler systems, especially those configured as SAML Identity Providers.
Restrict access to management and authentication interfaces to trusted networks only.
Monitor authentication logs, SAML transactions, and appliance activity for suspicious behavior or signs of session abuse.
