By Kevin Poireault
Publication Date: 2026-03-30 10:45:00
A critical vulnerability in Citrix’s networking and security solutions is being exploited in the wild, security researchers have confirmed.
The vulnerability, disclosed by Citrix as CVE-2026-3055 on March 23, is an out-of-bounds read in NetScaler Application Delivery Controller (ADC) and NetScaler Gateway with a critical CVSS v4.0 score of 9.3.
The two products, formerly known as Citrix ADC and Citrix Gateway, are networking and security solutions used by enterprises to manage, optimize and secure application delivery and remote access.
Identified internally by Citrix’s parent company, the Cloud Software Group, CVE-2026-3055 is caused by insufficient input validation that leads to a memory overread. If exploited, it can enable an unauthenticated remote attacker to leak potentially sensitive information from the appliance’s memory.
Specifically, it affects the following versions of both products:
- NetScaler ADC and NetScaler Gateway versions 14.1 before…