PT-2026-27202 · Citrix · NetScaler Gateway, NetScaler ADC

Aliz Hammond · Published 2026-03-23 · Updated 2026-05-09 · CVE-2026-3055

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
NetScaler ADC versions prior to 14.1-60.58
NetScaler Gateway versions prior to 13.1-662.23
Description
Insufficient input validation in NetScaler ADC and NetScaler Gateway, when configured as a SAML Identity Provider (IdP), leads to an out-of-bounds memory read. An unauthenticated remote attacker can exploit this by sending specially crafted SAML authentication requests containing a malformed AttributeValue length. This causes the SAML processing module to read past the input buffer into the system's heap memory, potentially leaking sensitive data such as active session tokens, administrative credentials, and private cryptographic keys. This leak allows attackers to bypass Multi-Factor Authentication (MFA) and hijack live user sessions. Approximately 30,000 instances are estimated to be internet-exposed globally, and active exploitation by threat actors has been reported.
Recommendations
Update NetScaler ADC to version 14.1-60.58 or later.
Update NetScaler Gateway to version 13.1-662.23 or later.
Perform a full reboot of the appliance after patching to clear the memory space.
Terminate all active user sessions and force a global logout post-patching.
Use the flush cache command to remove any remaining malicious SAML data.
Rotate private keys used for SAML signing if a breach is suspected.
As a temporary mitigation, restrict or disable the SAML IdP configuration if not strictly required.
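A small inventory triage helper for the fixed builds named in this advisory, added here as an example; it is not part of the advisory and not Citrix tooling. It assumes version strings in the MAJOR.MINOR-BUILD.SUB form the advisory uses, keys the fixed builds by release branch as the advisory lists them, and reports branches the advisory does not name as "unknown" rather than safe; the sample inventory is constructed.

```python
"""Classify NetScaler build strings against the fixed builds named in this advisory."""
import re

# Fixed builds as stated in the advisory, keyed by release branch (major, minor).
# Assumption: the advisory names only these two branches, so any other branch
# is reported as "unknown" instead of being guessed at.
FIXED_BUILDS = {
    (14, 1): (60, 58),    # NetScaler ADC 14.1-60.58
    (13, 1): (662, 23),   # NetScaler Gateway 13.1-662.23
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_version(text: str) -> tuple:
    """Parse 'MAJOR.MINOR-BUILD.SUB' into a tuple of four integers."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def assess(text: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unknown' for one version string."""
    major, minor, build, sub = parse_version(text)
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        return "unknown"          # branch not covered by this advisory
    return "fixed" if (build, sub) >= fixed else "vulnerable"


def triage(inventory: dict) -> dict:
    """Map appliance name -> assessment; malformed strings become 'unparseable'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = assess(version)
        except ValueError:
            result[host] = "unparseable"
    return result


# Constructed sample inventory (hypothetical hosts) covering each outcome.
SAMPLE_INVENTORY = {
    "gw-edge-1": "13.1-58.32",   # below 13.1-662.23
    "adc-core-1": "14.1-60.58",  # exactly the fixed build
    "adc-core-2": "14.1-61.10",  # newer than the fix
    "lab-box": "12.1-55.291",    # branch the advisory does not name
    "bad-entry": "NS14.1",       # not in MAJOR.MINOR-BUILD.SUB form
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {verdict}")
```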

Tags: Exploit · Fix · LPE · DoS · RCE · Out-of-bounds Read

Weakness Enumeration

Related Identifiers
BDU:2026-03524
CVE-2026-3055

Affected Products
NetScaler ADC
NetScaler Gateway