Posting Date: 2026/04/28

[Vulnerability Alert] CISA Adds 3 Known Exploited Vulnerabilities to KEV Catalog (2026/03/30-2026/04/05)

* Subject: [Vulnerability Alert] CISA Adds 3 Known Exploited Vulnerabilities to KEV Catalog (2026/03/30-2026/04/05)

* Description:

  • Forwarded from Taiwan Computer Emergency Response Team / Coordination Center Security Alert: TWCERTCC-200-202604-00000005.
  • 【CVE-2026-3055】Citrix NetScaler Out-of-Bounds Read Vulnerability (CVSS v3.1: 9.8)
  • 【Ransomware Exploitation: Unknown】 When configured as a SAML IdP, Citrix NetScaler ADC and NetScaler Gateway, as well as NetScaler ADC FIPS and NDcPP, contain an out-of-bounds read vulnerability that may lead to a memory overread.
  • 【CVE-2026-5281】Google Dawn Use-After-Free Vulnerability (CVSS v3.1: 8.8)
  • 【Ransomware Exploitation: Unknown】 Google Dawn contains a use-after-free vulnerability that could allow a remote attacker who has compromised the renderer process to execute arbitrary code via a specially crafted HTML page. This vulnerability may affect multiple Chromium-based products, including but not limited to Google Chrome, Microsoft Edge, and Opera.
  • 【CVE-2026-3502】TrueConf Client Download of Code Without Integrity Check Vulnerability (CVSS v3.1: 7.8)
  • 【Ransomware Exploitation: Unknown】 TrueConf Client contains a vulnerability where code is downloaded without an integrity check. An attacker capable of influencing the update transmission path could replace the update payload with a tampered version; once executed or installed by the update program, this could lead to arbitrary code execution within the scope of the update process or user permissions.

* Affected Platforms:

* Recommended Actions:


Computer and Communication Center
Network Systems Division