CVE-2026-3055

Overview

NetScaler
ADC

23 Mar 2026

Published

31 Mar 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

0.03%

MITRE

KEV

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

Statistics

14 Posts
16 Interactions

Last activity: Last hour

Fediverse

Erik Jonker @ErikJonker

It just never stops those Citrix vulnerabilities...
https://thecyberexpress.com/cve-2026-3055-citrix-netscaler-saml-idp/
#citrix #cybersecurity #cve

3
3
0
19h ago

:mastodon: decio @decio

⚠️ CVE-2026-3055 / Citrix NetScaler : la reconnaissance est en cours.

Des activités de reconnaissance ciblent déjà les appliances exposées, avec notamment des requêtes vers /cgi/GetAuthMethods pour identifier les configs exploitables, en particulier les environnements SAML IdP.
GBHackers relaie ces observations
👇
https://gbhackers.com/hackers-probe-citrix-netscaler-systems-cve-2026-3055-exploitation/

Côté exposition, ONYPHE recense plus de 18000 IP uniques sur une version vulnérable, (dont environ +800 en Suisse).
👇
https://www.linkedin.com/posts/onyphe_vulnerability-asm-attacksurfacemanagement-activity-7442250727046987776-ofYV

Le pattern rappelle clairement les précédents CitrixBleed : si du NetScaler est encore exposé, la fenêtre avant exploitation de masse pourrait être très courte.

#CyberVeille #CVE_2026_3055 #Citrix

0
1
0
21h ago

:mastodon: decio @decio

la vulnérabilité est à considérer comme activement exploitée selon watchTowr.

ils ont publié une analyse technique détaillée de la faille, utile pour mieux comprendre le mécanisme d’exploitation
👇
https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/

Pour les équipes concernées, on n’est plus dans l’anticipation mais dans la réaction rapide.

#CyberVeille #Citrix #CVE_2026_3055

0
1
0
21h ago

Günter Born @gborn

Jemand mit Citrix (Netscaler oder Gateway) unterwegs und ungepatcht? Schwachstelle CVE-2026-3055 wird angegriffen

https://borncity.com/blog/2026/03/30/schwachstelle-cve-2026-3055-in-citrix-netscaler-adc-und-gateway-wird-angegriffen/

0
0
1
14h ago

Codebender_Cate :verified: @Codebender_Cate

https://www.sentinelone.com/vulnerability-database/cve-2026-3055/

0
0
0
Last hour

Bluesky

BleepingComputer @bleepingcomputer.com

Hackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix NetScaler ADC and NetScaler Gateway appliances to obtain sensitive data.

3
5
0
10h ago

Sami Laiho @samilaiho.com

The Sequels Are Never As Good, But We're Still In Pain (Citrix NetScaler CVE-2026-3055 Memory Overread) labs.watchtowr.com/the-sequels-...

0
0
0
17h ago

CyberVeille @cyberveille-ch.bsky.social

📢 CVE-2026-3055 : Citrix NetScaler – Seconde vulnérabilité de fuite mémoire exploitée in-the-wild 📝 ## 🔍 Contexte Publié le 30 mars 2026 … https://cyberveille.ch/posts/2026-03-30-cve-2026-3055-citrix-netscaler-seconde-vulnerabilite-de-fuite-memoire-exploitee-in-the-wild/ #CVE_2026_3055 #Cyberveille

0
0
0
15h ago

CyberVeille @cyberveille-ch.bsky.social

📢 CVE-2026-3055 : Vulnérabilité critique sur Citrix NetScaler déjà ciblée par des acteurs malveillants 📝 ## 🔍 Contexte Publié le 3… https://cyberveille.ch/posts/2026-03-30-cve-2026-3055-vulnerabilite-critique-sur-citrix-netscaler-deja-ciblee-par-des-acteurs-malveillants/ #CVE_2026_3055 #Cyberveille

0
0
0
15h ago

piggo @pigondrugs.bsky.social

~Cisa~ CISA added actively exploited Citrix NetScaler flaw (CVE-2026-3055) to the KEV catalog. - IOCs: CVE-2026-3055 - #CVE20263055 #Citrix #ThreatIntel

0
0
0
8h ago

キタきつね @kitafox.bsky.social

CISAが既知の悪用された脆弱性を1件カタログに追加 CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Mar 30) CVE-2026-3055 Citrix NetScalerの境界外読み取りの脆弱性 www.cisa.gov/news-events/...

0
0
0
1h ago

piggo @pigondrugs.bsky.social

~Cybergcca~ CCCS issued 10 advisories, warning of critical, actively exploited vulnerabilities in Fortinet FortiClientEMS and Citrix NetScaler. - IOCs: CVE-2026-21643, CVE-2026-3055 - #CVE #Citrix #Fortinet #ThreatIntel

0
0
0
12h ago

OpsMatters @opsmatters.com

The latest update for #CyCognito includes "Emerging Threat: F5 BIG-IP Access Policy Manager Remote Code Execution (CVE-2025-53521)" and "Citrix NetScaler ADC and Gateway Vulnerabilities (CVE-2026-3055 & CVE-2026-4368)". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X

0
0
0
2h ago

CVE-2026-21643

Overview

Fortinet
FortiClientEMS

06 Feb 2026

Published

31 Mar 2026

Updated

CVSS v3.1

CRITICAL (9.1)

EPSS

0.05%

MITRE

KEV

Description

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Statistics

7 Posts
3 Interactions

Last activity: 1 hour ago

Fediverse

Rishi @rxerium

🚨 CVE-2026-21643 an SQL Injection vulnerability (CVSS 9.8) is seeing active exploitation in the wild as reported by @DefusedCyber

Vulnerability detection script available here:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-21643.yaml

This vulnerability currently only affects FortiClientEMS 7.4.4 and it is recommended that you upgrade to 7.4.5 or later as reported by Fortinet:
https://fortiguard.fortinet.com/psirt/FG-IR-25-1142

0
0
0
9h ago

Bluesky

Help Net Security @helpnetsecurity.com

Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643) 📖 Read more: www.helpnetsecurity.com/2026/03/30/f... #cybersecurity #cybersecuritynews #enterprise #vulnerability @bishopfox.bsky.social

0
2
0
15h ago

Red Siege @redsiege.com

Critical bug (CVE-2026-21643) in Fortinet FortiClient EMS is already being exploited. Unauthenticated attackers can run code via the web interface, and thousands of instances are exposed. Patch ASAP (7.4.5+). via @bleepingcomputer.com www.bleepingcomputer.com/news/securit...

0
1
0
11h ago

Cybersecurity News Everyday @hendryadrian.bsky.social

Critical SQL injection CVE-2026-21643 in Fortinet FortiClient EMS 7.4.4 is actively exploited, allowing unauthenticated code execution via EMS web interface. Patch to 7.4.5+ to fix thousands exposed globally. #FortinetFlaw #SQLInjection #USA

0
0
0
17h ago

Undercode Testing @undercode.bsky.social

Critical FortiClient EMS SQL Injection (CVE-2026-21643) Actively Exploited: Attackers Bypass WAF via HTTP Headers + Video Introduction: A critical severity SQL injection vulnerability, designated CVE-2026-21643, has been identified in Fortinet’s FortiClient Endpoint Management Server (EMS) and is…

0
0
0
10h ago

キタきつね @kitafox.bsky.social

Fortinet FortiClient EMSの重大な脆弱性が現在攻撃を受けています（CVE-2026-21643） Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643) #HelpNetSecurity (Mar 30) www.helpnetsecurity.com/2026/03/30/f...

0
0
0
1h ago

piggo @pigondrugs.bsky.social

~Cybergcca~ CCCS issued 10 advisories, warning of critical, actively exploited vulnerabilities in Fortinet FortiClientEMS and Citrix NetScaler. - IOCs: CVE-2026-21643, CVE-2026-3055 - #CVE #Citrix #Fortinet #ThreatIntel

0
0
0
12h ago

CVE-2025-53521

Overview

F5
BIG-IP

15 Oct 2025

Published

29 Mar 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

19.16%

MITRE

KEV

Description

When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

7 Posts

Last activity: 2 hours ago

Fediverse

Tom Sellers @TomSellers

@offseq There has literally been a CVE and patch for this since October - https://www.runzero.com/blog/f5-bigip-instances/#latest-f5-big-ip-vulnerability-cve-2025-53521

0
0
0
17h ago

Bluesky

Information Security Briefly @infosecbriefly.bsky.social

CISA warns of exploitation of a critical F5 BIG-IP vulnerability, CVE-2025-53521, allowing remote code execution on affected systems.

0
0
0
21h ago

CyberVeille @cyberveille-ch.bsky.social

📢 Exploitation active de CVE-2025-53521 : F5 BIG-IP APM reclassifié en RCE critique 📝 ## 🔍 Contexte Source : BleepingComputer, publié le 30 mars 2026. https://cyberveille.ch/posts/2026-03-30-exploitation-active-de-cve-2025-53521-f5-big-ip-apm-reclassifie-en-rce-critique/ #CISA_KEV #Cyberveille

0
0
0
16h ago

piggo @pigondrugs.bsky.social

~Ncsc~ Actively exploited unauthenticated RCE (CVE-2025-53521) affects F5 BIG-IP APM; immediate mitigation and compromise investigation required. - IOCs: CVE-2025-53521 - #CVE202553521 #F5 #ThreatIntel

0
0
0
16h ago

Cybersecurity News Everyday @hendryadrian.bsky.social

F5 reclassifies BIG-IP APM flaw CVE-2025-53521 from DoS to critical RCE after active exploitation deploying webshells on unpatched devices. Over 240K instances exposed online. #BIGIPAPM #RemoteCodeExecution #USA

0
0
0
11h ago

キタきつね @kitafox.bsky.social

F5 BIG-IP Access Policy Managerの脆弱性（CVE-2025-53521）に関する注意喚起 #JPCERTCC (Mar 30) www.jpcert.or.jp/at/2026/at26...

0
0
0
4h ago

OpsMatters @opsmatters.com

The latest update for #CyCognito includes "Emerging Threat: F5 BIG-IP Access Policy Manager Remote Code Execution (CVE-2025-53521)" and "Citrix NetScaler ADC and Gateway Vulnerabilities (CVE-2026-3055 & CVE-2026-4368)". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X

0
0
0
2h ago

CVE-2026-3587

Overview

WAGO
Lean Managed Switch 852-1812

23 Mar 2026

Published

24 Mar 2026

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

0.12%

MITRE

KEV

Description

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.

Statistics

1 Post
27 Interactions

Last activity: 19 hours ago

Fediverse

Dickenhobelix @dickenhobelix

Hui, CVE für einen Wago Switch mit CVSS 10.0: An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device.

Bingo!

FTR: CVE-2026-3587

12
15
0
19h ago

CVE-2026-3098

Overview

nextendweb
Smart Slider 3

27 Mar 2026

Published

27 Mar 2026

Updated

CVSS v3.1

MEDIUM (6.5)

EPSS

0.03%

MITRE

KEV

Description

The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.5.1.33 via the 'actionExportAll' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Statistics

2 Posts

Last activity: 2 hours ago

Bluesky

CyberVeille @cyberveille-ch.bsky.social

📢 CVE-2026-3098 : faille de lecture de fichiers dans Smart Slider 3 expose 500 000 sites WordPress 📝 ## 🔍 Contexte Publié le 29 mars 2… https://cyberveille.ch/posts/2026-03-30-cve-2026-3098-faille-de-lecture-de-fichiers-dans-smart-slider-3-expose-500-000-sites-wordpress/ #CVE_2026_3098 #Cyberveille

0
0
0
16h ago

セキュリティ対策Lab @securitylab-jp.bsky.social

WordPressのスライダープラグイン Smart Slider 3に任意ファイル読み取り脆弱性(CVE-2026-3098)-80万超のWordPress サイトに影響 rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews

0
0
0
2h ago

CVE-2026-31893

Overview

Pending

Pending

Published

Pending

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

1 Post
6 Interactions

Last activity: 15 hours ago

Fediverse

raptor :C_H: @raptor

Anyone knows anything more about this #Tunnelblick #vulnerability?

"CVE-2026-31893 describes a serious Tunnelblick vulnerability.

This vulnerability is present in all versions of all Tunnelblick versions 3.3beta26 through 9.0beta01.

Tunnelblick 8.0.1 and 9.0beta02 contain fixes for the vulnerability.

The CVE is expected to be published and this page updated on or before 2026-03-27."

https://tunnelblick.net/CVE-2026-31893.html

2
4
0
15h ago

CVE-2025-15036

Overview

mlflow
mlflow/mlflow

30 Mar 2026

Published

31 Mar 2026

Updated

CVSS v3.0

CRITICAL (9.6)

EPSS

0.05%

MITRE

KEV

Description

A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An attacker with control over the tar.gz file can exploit this issue to overwrite arbitrary files or gain elevated privileges, potentially escaping the sandbox directory in multi-tenant or shared cluster environments.

Statistics

1 Post
3 Interactions

Last activity: 20 hours ago

Bluesky

BaseFortify.eu @basefortify.bsky.social

🚨 CVE-2025-15036 (CRITICAL 9.6) MLflow archive extraction flaw allows attackers to overwrite arbitrary files via path traversal (“../”) in tar.gz files, potentially leading to privilege escalation and sandbox escape. 🔎 basefortify.eu/cve_reports/... #CVE #CyberSecurity #MLflow #PathTraversal

1
2
0
20h ago

CVE-2025-1727

Overview

End-of-Train and Head-of-Train remote linking protocol
End-of-Train and Head-of-Train remote linking protocol

10 Jul 2025

Published

11 Jul 2025

Updated

CVSS v3.1

HIGH (8.1)

EPSS

0.03%

MITRE

KEV

Description

The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packets with a software defined radio and issue brake control commands to the EoT device, disrupting operations or potentially overwhelming the brake systems.

Statistics

1 Post
3 Interactions

Last activity: 19 hours ago

Fediverse

Dickenhobelix @dickenhobelix

CVE-2025-1727 makes trains go brrrrrrrrrrrt

Eingleisübung wann?

1
2
0
19h ago

CVE-2026-0848

Overview

nltk
nltk/nltk

05 Mar 2026

Published

06 Mar 2026

Updated

CVSS v3.0

CRITICAL (10.0)

EPSS

0.48%

MITRE

KEV

Description

NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of arbitrary Java bytecode at import time. This vulnerability can be exploited through methods such as model poisoning, MITM attacks, or dependency poisoning, leading to remote code execution. The issue arises from the direct execution of the JAR file via subprocess with unvalidated classpath input, allowing malicious classes to execute when loaded by the JVM.

Statistics

1 Post
1 Interaction

Last activity: 14 hours ago

Fediverse

Claudio C @cktodon

Cómo un fallo en una librería de #Python puede comprometer sistemas de #IA (CVE-2026-0848)

https://unaaldia.hispasec.com/2026/03/como-un-fallo-en-una-libreria-de-python-puede-comprometer-sistemas-de-ia-cve-2026-0848.html?utm_source=rss&amp

1
0
0
14h ago

CVE-2026-5119

Overview

Red Hat
Red Hat Enterprise Linux 10
libsoup3

30 Mar 2026

Published

30 Mar 2026

Updated

CVSS

Pending

EPSS

0.02%

MITRE

KEV

Description

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.

Statistics

1 Post
1 Interaction

Last activity: 9 hours ago

Fediverse

Kona Arctic :therian: :verified: @kona

excited to announce fox found their first browser exploit
https://nvd.nist.gov/vuln/detail/CVE-2026-5119

#hacking #exploit #cybersecurity

1
0
0
9h ago