Sources
CVE-2026-3055: Citrix NetScaler Critical Memory Overread Under Active Exploitation — CISA Deadline April 2
CISA added CVE-2026-3055 (CVSS 9.3) to KEV on March 30 with evidence of active exploitation. Attackers send crafted SAMLRequest payloads to /saml/login to leak memory contents including admin session IDs via NSC_TASS cookies. Affects systems configured as SAML IDP. Federal agencies have until April 2 to patch. Rapid7, Horizon3.ai, and multiple security firms confirmed active reconnaissance probing /cgi/GetAuthMethods to fingerprint vulnerable configurations.
↳ Follow the thread