Posting Date: 2026/04/28 Posting Date: 2026/04/28

[Vulnerability Alert] CISA Adds 3 Known Exploited Vulnerabilities to KEV Catalog (2026/03/30-2026/04/05)

* Subject: [Vulnerability Alert] CISA Adds 3 Known Exploited Vulnerabilities to KEV Catalog (2026/03/30-2026/04/05)

* Description:

Forwarded from Taiwan Computer Emergency Response Team / Coordination Center Security Alert: TWCERTCC-200-202604-00000005.
【CVE-2026-3055】Citrix NetScaler Out-of-Bounds Read Vulnerability (CVSS v3.1: 9.8)
【Ransomware Exploitation: Unknown】 When configured as a SAML IdP, Citrix NetScaler ADC, NetScaler Gateway, as well as NetScaler ADC FIPS and NDcPP, contain an out-of-bounds read vulnerability that may lead to excessive memory reading.
【CVE-2026-5281】Google Dawn Use-After-Free Vulnerability (CVSS v3.1: 8.8)
【Ransomware Exploitation: Unknown】 Google Dawn contains a use-after-free vulnerability that could allow a remote attacker who has compromised the renderer process to execute arbitrary code via a specially crafted HTML page. This vulnerability may affect multiple Chromium-based products, including but not limited to Google Chrome, Microsoft Edge, and Opera.
【CVE-2026-3502】TrueConf Client Download of Code Without Integrity Check Vulnerability (CVSS v3.1: 7.8)
【Ransomware Exploitation: Unknown】 TrueConf Client contains a vulnerability where code is downloaded without an integrity check. An attacker capable of influencing the update transmission path could replace the update payload with a tampered version; once executed or installed by the update program, this could lead to arbitrary code execution within the scope of the update process or user permissions.

* Affected Platforms:

【CVE-2026-3055】 Please refer to the affected versions listed on the official website: https://support.citrix.com/support-home/home
【CVE-2026-5281】 Please refer to the affected versions listed on the official website: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html
【CVE-2026-3502】 TrueConf versions 8.1.0 to 8.5.2 (inclusive).

* Recommended Actions:

【CVE-2026-3055】 The vendor has released security updates; please update to the relevant versions: https://support.citrix.com/support-home/home
【CVE-2026-5281】 The vendor has released security updates; please update to the relevant versions: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html
【CVE-2026-3502】 Upgrade the corresponding product to the following version (or higher): TrueConf 8.5.3.884

Computer and Communication Center
Network Systems Division